H04L69/22

Systems and methods of controlling internet access using encrypted DNS

Described systems and methods enable protecting client devices (e.g., personal computers and IoT devices) implementing encrypted DNS protocols against harmful or inappropriate Internet content. A DNS proxy intercepts an attempt to establish an encrypted communication session between a client device and a DNS server. Without decrypting any communications, some embodiments of the DNS proxy determine an identifier of the respective session and an identifier of the client device, and send a query tracer connecting the session identifier with the client identifier to a security server. In some embodiments, the security server obtains the domain name included in an encrypted DNS query from the DNS server and instructs the DNS server to allow or block access of the client device to the respective Internet domain according to a device- and/or user-specific access policy.

OPTIMIZING INFORMATION TRANSMITTED OVER A DIRECT COMMUNICATIONS CONNECTION
20230045698 · 2023-02-09

A computer-implemented method according to one embodiment includes identifying that a direct communications connection exists between a first device and a second device; and optimizing information transmitted between the first device and the second device over the direct communications connection.

NETWORK SWITCHING WITH CO-RESIDENT DATA-PLANE AND NETWORK INTERFACE CONTROLLERS

A system with co-resident data-plane and network interface controllers embodying a method for network switching of a data packet incoming from a network at a packet input processor portion of a network interface resource comprising the packet input processor, a packet output processor, and a network interface controller, implemented as a module or a single chip, to a target entity via either the network interface controller or the packet input processor is disclosed.

Apparatuses and methods for handling data packets
11595846 · 2023-02-28

The present disclosure relates to radio network communication. In one of its aspects, the disclosure presented herein concerns a method for assigning a value representing a length of a data packet to a field. The method is implemented in an apparatus. According to the method, a size of the data packet is determined. Based on the determined size of the data packet, the size of the field is set. The determined size of the data packet is then compared against a value threshold, and based on the comparison and based on the determined size of the data packet, a value representing the length of the data packet is calculated. The calculated value representing the length of the data packet is then assigned to the field.

Efficient packet classification for dynamic containers

A novel algorithm for packet classification that is based on a novel search structure for packet classification rules is provided. Addresses from all the containers are merged and maintained in a single Trie. Each entry in the Trie has additional information that can be traced back to the container from where the address originated. This information is used to keep the Trie in sync with the containers when the container definition dynamically changes.
