公开(公告)号：US20220394034A1

公开(公告)日：2022-12-08

申请号：US17340494

申请日：2021-06-07

Applicant: Citrix Systems, Inc.

Inventor： Seth K. Keith ,  Saravanakumar Annamalaisami ,  Krishna Khanal ,  Ratnesh Singh Thakur

IPC: H04L29/06 ,  G06F9/54

Abstract: Reducing vulnerability to a server is provided. A device intermediary to a client and a server can receive a RPC message from the RPC based client to the RPC based server, the RPC message having a plurality of fields to execute one or more routines on the server. The device can detect that one or more fields of the plurality of fields exploits a vulnerability of the RPC based server. The device can modify the RPC message to remove the one or more fields from the RPC message. The device can forward the modified RPC message to the RPC server.

公开(公告)号：US09172650B2

公开(公告)日：2015-10-27

申请号：US13913192

申请日：2013-06-07

Applicant: Citrix Systems, Inc.

Inventor： Roy Rajan ,  Saravanakumar Annamalaisami

IPC: H04L12/823 ,  H04L29/08 ,  H04L29/06

CPC classification number: H04L47/32 ,  H04L67/1002 ,  H04L67/1008 ,  H04L67/1029 ,  H04L69/16

Abstract: The present application is directed towards systems and methods for providing connection surge protection to one or more servers by an intermediary multi-core system. A packet processing engine of a multi-core device deployed as an intermediary between a plurality of clients and one or more servers determines an estimated number of total pending requests received by all packet processing engines based on a value of a local counter of received requests, the total number of pending requests received by all other packet processing engines at a last predetermined interval, and a rate of change of the total number of pending requests received by all other packet processing engines multiplied by the time since the last predetermined interval. The packet processing engine applies a surge protection policy to received pending requests responsive to the determined estimated number of total pending requests.

Abstract translation: 本申请涉及用于通过中间多核系统向一个或多个服务器提供连接浪涌保护的系统和方法。 作为在多个客户机和一个或多个服务器之间的中介部署的多核设备的分组处理引擎，基于接收到的请求的本地计数器的值来确定所有分组处理引擎接收的总待决请求的估计数量， 所有其他分组处理引擎以最后一个预定间隔接收到的未决请求的总数，以及所有其他分组处理引擎所接收的待处理请求总数乘以自上一个预定间隔以来的时间的变化率。 分组处理引擎响应于所确定的总待决请求的估计数量，将接收的未决请求应用浪涌保护策略。

公开(公告)号：US09497262B2

公开(公告)日：2016-11-15

申请号：US14335404

申请日：2014-07-18

Applicant: Citrix Systems, Inc.

Inventor： Roy Rajan ,  Saravanakumar Annamalaisami

IPC: G06F15/16 ,  H04L29/08 ,  H04L29/06

CPC classification number: H04L67/10 ,  H04L67/02 ,  H04L67/2804 ,  H04L67/2819 ,  H04L67/288 ,  H04L67/325 ,  H04L67/42

Abstract: A method for sampling management includes establishing, for a multi-core intermediary comprising a plurality of packet evaluation components executing on a corresponding plurality of cores, a frequency at which the multi-core intermediary intercepts a response transmitted from a server to a client and injects data into the intercepted response. For each of the plurality of packet evaluation components, an offset and a frequency based on a number of packet evaluation components in the plurality of packet evaluation components is established, a combination of the established frequencies substantially similar to the frequency established for the multi-core intermediary. One of the plurality of cores intercepts a response from the server to the client, at a time specified by the frequency and the offset. The packet evaluation component executing on the one of the plurality of cores injects data into the intercepted response.

Abstract translation: 一种用于采样管理的方法包括：对于包含在相应多个核上执行的多个分组评估组件的多核心中介，建立多核中介拦截从服务器发送到客户端的响应并注入的频率 数据进入截获的响应。 对于多个分组评估组件中的每一个，建立基于多个分组评估组件中的分组评估分量的数量的偏移和频率，所建立的频率的组合与为多核建立的频率基本相似 中介。 多个核心中的一个在由频率和偏移指定的时间内截获从服务器到客户端的响应。 在多个核心中的一个上执行的分组评估组件将数据注入被截获的响应中。

公开(公告)号：US09268736B2

公开(公告)日：2016-02-23

申请号：US13762129

申请日：2013-02-07

Applicant: Citrix Systems, Inc.

Inventor： Roy Rajan ,  Saravanakumar Annamalaisami

IPC: H04L9/00 ,  G06F15/167 ,  H04L29/06

CPC classification number: G06F15/167 ,  H04L63/123 ,  H04L63/168

Abstract: The present application is directed towards systems and methods for generating and maintaining cookie consistency for security protection across a plurality of cores in a multi-core system. A packet processing engine executing on one core designated as a primary packet processing engine generates and maintains a global random seed. The global random seed may be used as an initial seed for creation of cookie signatures by each of a plurality of packet processing engines executing on a plurality of cores of the multi-core system using a deterministic pseudo-random number generation function such that each core creates an identical set of cookie signatures.

Abstract translation: 本申请涉及用于生成和维护跨多核系统中的多个核心的安全保护的cookie一致性的系统和方法。 在指定为主分组处理引擎的一个核上执行的分组处理引擎生成并维护全局随机种子。 全局随机种子可以被用作通过使用确定性伪随机数生成函数在多核系统的多个核上执行的多个分组处理引擎中的每一个来创建cookie签名的初始种子，使得每个核心 创建一组相同的cookie签名。

公开(公告)号：US20150019630A1

公开(公告)日：2015-01-15

申请号：US14335404

申请日：2014-07-18

Applicant: Citrix Systems, Inc.

Inventor： Roy Rajan ,  Saravanakumar Annamalaisami

IPC: H04L29/08 ,  H04L29/06

CPC classification number: H04L67/10 ,  H04L67/02 ,  H04L67/2804 ,  H04L67/2819 ,  H04L67/288 ,  H04L67/325 ,  H04L67/42

Abstract: A method for sampling management includes establishing, for a multi-core intermediary comprising a plurality of packet evaluation components executing on a corresponding plurality of cores, a frequency at which the multi-core intermediary intercepts a response transmitted from a server to a client and injects data into the intercepted response. For each of the plurality of packet evaluation components, an offset and a frequency based on a number of packet evaluation components in the plurality of packet evaluation components is established, a combination of the established frequencies substantially similar to the frequency established for the multi-core intermediary. One of the plurality of cores intercepts a response from the server to the client, at a time specified by the frequency and the offset. The packet evaluation component executing on the one of the plurality of cores injects data into the intercepted response.

Abstract translation: 一种采样管理方法包括：对于包含在相应多个核上执行的多个分组评估组件的多核心中介，建立多核中介拦截从服务器向客户发送的响应的频率，并注入 数据进入截获的响应。 对于多个分组评估组件中的每一个，建立基于多个分组评估组件中的分组评估分量的数量的偏移和频率，所建立的频率的组合与为多核建立的频率基本相似 中介。 多个核心中的一个在由频率和偏移指定的时间内截获从服务器到客户端的响应。 在多个核心中的一个上执行的分组评估组件将数据注入被截获的响应中。

公开(公告)号：US20140258390A1

公开(公告)日：2014-09-11

申请号：US14286296

申请日：2014-05-23

Applicant: Citrix Systems, Inc.

Inventor： Saravanakumar Annamalaisami ,  Anil Shetty ,  Josephine Suganthi ,  Akshat Choudhary

IPC: H04L29/06 ,  H04L29/12 ,  H04L29/08

CPC classification number: H04L67/42 ,  G06Q10/10 ,  H04L61/2007 ,  H04L67/2814 ,  H04L67/2842 ,  H04L69/16 ,  H04L69/324

Abstract: The present disclosure presents systems and methods for maintaining original source and destination IP addresses of a request while performing intermediary cache redirection. An intermediary receives a request from a client destined to a server identifying a client IP address as a source IP address and a server IP address as a destination IP address. The intermediary transmits the request to a cache server, the request maintaining original IP addresses and identifying a MAC address of the cache server as the destination MAC address. The intermediary receives the request from the cache server responsive to a cache miss, the received request maintaining the original source and destination IP addresses. The intermediary identifying that the third request is coming from the cache server via one or more data link layer properties of the third transport layer connection. The intermediary transmits to the server the request identifying the client IP address as the source IP address and the server IP address as the destination IP address.

Abstract translation: 本公开提供了用于在执行中间缓存重定向的同时维护请求的原始源和目的地IP地址的系统和方法。 中介接收来自发往服务器的客户端的请求，该服务器标识客户端IP地址作为源IP地址，服务器IP地址作为目的地IP地址。 中介将请求发送到缓存服务器，请求维护原始IP地址，并将缓存服务器的MAC地址识别为目的MAC地址。 中继器响应于高速缓存未命中从缓存服务器接收请求，所接收的请求保持原始源和目的地IP地址。 识别第三请求的中介通过第三传输层连接的一个或多个数据链路层属性从缓存服务器发出。 中介向服务器发送将客户端IP地址标识为源IP地址和服务器IP地址作为目标IP地址的请求。

公开(公告)号：US20130275617A1

公开(公告)日：2013-10-17

申请号：US13913192

申请日：2013-06-07

Applicant: Citrix Systems, Inc.

Inventor： Roy Rajan ,  Saravanakumar Annamalaisami

IPC: H04L12/70

CPC classification number: H04L47/32 ,  H04L67/1002 ,  H04L67/1008 ,  H04L67/1029 ,  H04L69/16

Abstract: The present application is directed towards systems and methods for providing connection surge protection to one or more servers by an intermediary multi-core system. A packet processing engine of a multi-core device deployed as an intermediary between a plurality of clients and one or more servers determines an estimated number of total pending requests received by all packet processing engines based on a value of a local counter of received requests, the total number of pending requests received by all other packet processing engines at a last predetermined interval, and a rate of change of the total number of pending requests received by all other packet processing engines multiplied by the time since the last predetermined interval. The packet processing engine applies a surge protection policy to received pending requests responsive to the determined estimated number of total pending requests.

Abstract translation: 本申请涉及用于通过中间多核系统向一个或多个服务器提供连接浪涌保护的系统和方法。 作为在多个客户机和一个或多个服务器之间的中介部署的多核设备的分组处理引擎，基于接收到的请求的本地计数器的值来确定所有分组处理引擎接收的总待决请求的估计数量， 所有其他分组处理引擎以最后一个预定间隔接收到的未决请求的总数，以及所有其他分组处理引擎所接收的待处理请求总数乘以自上一个预定间隔以来的时间的变化率。 分组处理引擎响应于所确定的总待决请求的估计数量，将接收的未决请求应用浪涌保护策略。

公开(公告)号：US11991177B2

公开(公告)日：2024-05-21

申请号：US17340494

申请日：2021-06-07

Applicant: Citrix Systems, Inc.

Inventor： Seth K. Keith ,  Saravanakumar Annamalaisami ,  Krishna Khanal ,  Ratnesh Singh Thakur

IPC: H04L29/06 ,  G06F9/54 ,  H04L9/40

CPC classification number: H04L63/10 ,  G06F9/547 ,  H04L63/1408

Abstract: Reducing vulnerability to a server is provided. A device intermediary to a client and a server can receive a RPC message from the RPC based client to the RPC based server, the RPC message having a plurality of fields to execute one or more routines on the server. The device can detect that one or more fields of the plurality of fields exploits a vulnerability of the RPC based server. The device can modify the RPC message to remove the one or more fields from the RPC message. The device can forward the modified RPC message to the RPC server.

公开(公告)号：US09237208B2

公开(公告)日：2016-01-12

申请号：US14286296

申请日：2014-05-23

Applicant: Citrix Systems, Inc.

Inventor： Saravanakumar Annamalaisami ,  Anil Shetty ,  Josephine Suganthi ,  Akshat Choudhary

IPC: G06F15/16 ,  G06F15/173 ,  H04L12/28 ,  H04L29/06 ,  G06Q10/10 ,  H04L29/08 ,  H04L29/12

CPC classification number: H04L67/42 ,  G06Q10/10 ,  H04L61/2007 ,  H04L67/2814 ,  H04L67/2842 ,  H04L69/16 ,  H04L69/324

Abstract: The present disclosure presents systems and methods for maintaining original source and destination IP addresses of a request while performing intermediary cache redirection. An intermediary receives a request from a client destined to a server identifying a client IP address as a source IP address and a server IP address as a destination IP address. The intermediary transmits the request to a cache server, the request maintaining original IP addresses and identifying a MAC address of the cache server as the destination MAC address. The intermediary receives the request from the cache server responsive to a cache miss, the received request maintaining the original source and destination IP addresses. The intermediary identifying that the third request is coming from the cache server via one or more data link layer properties of the third transport layer connection. The intermediary transmits to the server the request identifying the client IP address as the source IP address and the server IP address as the destination IP address.

Abstract translation: 本公开提供了用于在执行中间缓存重定向的同时维护请求的原始源和目的地IP地址的系统和方法。 中介接收来自发往服务器的客户端的请求，该服务器标识客户端IP地址作为源IP地址，服务器IP地址作为目的地IP地址。 中介将请求发送到缓存服务器，请求维护原始IP地址，并将缓存服务器的MAC地址识别为目的MAC地址。 中继器响应于高速缓存未命中从缓存服务器接收请求，所接收的请求保持原始源和目的地IP地址。 识别第三请求的中介通过第三传输层连接的一个或多个数据链路层属性从缓存服务器发出。 中介向服务器发送将客户端IP地址标识为源IP地址和服务器IP地址作为目标IP地址的请求。