In one embodiment, a decapsulating network device receives a plurality of encapsulated packet fragments of an original packet, and decapsulates them into respective decapsulated packet fragments. The decapsulating network device caches an inner header of the original packet from one of the decapsulated packet fragments, and in response to caching the inner header, and for each particular decapsulated packet fragment as it is received and decapsulated: prepends the inner header and fragmentation information to the particular decapsulated packet fragment; and forwards the particular decapsulated packet fragment with the prepended inner header and fragmentation information from the decapsulating network device toward a destination of the original packet.

Techniques for securing name resolution technologies and for ensuring that name resolution technologies can function in modern networks that have a plurality of overlay networks accessible via a single network interface. In accordance with some of the principles described herein, a set of resolution parameters may be implemented by a user to be used during a name resolution process. In some implementations, when an identifier is obtained for a network resource, the identifier may be stored in a cache with resolution parameters that were used in obtaining the identifier. When a new name resolution request is received, the cache may be examined to determine whether a corresponding second identifier is in the cache, and whether resolution parameters used to retrieve the second identifier in the cache match the resolution parameters for the new resolution request. If so, the second identifier may be returned from the cache.

A network security system for wireless devices derives a fingerprint from the modulation imperfections of the analog circuitry of the wireless transceivers. These fingerprints may be compared to templates obtained when the wireless devices are initially commissioned in a secure setting and used to augment passwords or other security tools in detecting intruders on the network.

A data forwarding method is provided for a data forwarding apparatus. The method includes, when a first port receives a to-be-forwarded data packet, executing a network adapter driver corresponding to the first port to read the to-be-forwarded data packet from a network adapter cache corresponding to the first port. The network adapter cache stores address forwarding information obtained from an operating system kernel bridge. The method also includes searching the address forwarding information in the network adapter cache for address forwarding information corresponding to the data packet and, when the address forwarding information corresponding to the data packet is found, determining a target network adapter driver for forwarding the data packet based on the found address forwarding information, and directly sending the data packet to the target network adapter driver, such that the target network adapter driver forwards the data packet through a second port.

Systems and methods of handover in an information-centric network are described. The ICN-CF receives an update request from an ICN ICN-AMF indicating handover of a UE from a source NG-RAN to a target NG-RAN. The ICN-CF transmits, to an ICN router, an update request to update a PIT and/or FIB table to enable data communications with the UE after handover. The request includes the UE and target NG-RAN, and if the source and target ICN-PoA are different, the source and target ICN-PoA and the ICN-GW.

A novel design of a gateway that handles traffic in and out of a network by using a datapath daemon is provided. The datapath daemon is a run-to-completion process that performs various data-plane packet-processing operations at the edge of the network. The datapath daemon dispatches packets to other processes or processing threads outside of the daemon by utilizing a user space network stack.

An apparatus is disclosed to compress packets, the apparatus comprising; a data analyzer to identify a new destination address and a protocol identifier of an input packet corresponding to a new destination node and a communication system between the new destination node and a source node; a compression engine to utilize a plurality of compression functions based on the new destination address and the protocol identifier and reduce a size of the input packet; a compression analyzer to identify a reduced packet and a compression function identifier corresponding to the reduced packet, the compression function identifier associated with one of the compression functions; and a source modifier to construct a packet to include the compression function identifier by modifying unregistered values of a protocol identifier by a difference associated with the compression function identifier, the packet to inform the new destination node of a compression function.

HVAC components having improved efficiency are described. In one embodiment, excessive sleep current draw in a battery-powered device having a microcontroller is detected by measuring a voltage drop across a MOSFET device coupled in a forward-conducting orientation in series between the battery and the microcontroller, causing a transistor to conduct when the voltage drop exceeds a predetermined threshold to generate a first trigger signal, integrating the first trigger signal to generate a second trigger signal, and generating an interrupt to the microcontroller. In another embodiment, a battery-saving method of operating an HVAC component includes maintaining the HVAC device in the sleep mode, receiving a user input to wake the device, transmitting a data request and returning the HVAC component to the sleep mode, waking up the HVAC device to poll an adjacent network node storing a cached response, displaying the response, and returning the HVAC device to sleep.

A method, a synchronization server, a corresponding terminal, and a system for transmitting a message intended for a first terminal, referred to as a destination terminal, from a second terminal, referred to as a source terminal, to at least one third terminal, referred to as an associated terminal, sharing a same identifier with the source terminal. The method includes transmitting from the source terminal to a synchronization server a first synchronization message, in which the message intended for the destination terminal is inserted, and recovering by using the at least one associated terminal the message intended for the destination terminal from the synchronization server by using at least a second synchronization message.

In general, the disclosure relates to a method for redirecting a user to a captive portal. The method includes trapping an incoming frame originating from a host, where the incoming frame comprises a L2 header and a payload, wherein the payload specifies information associated with an external server, wherein the user of the host has not been authenticated by the captive portal at a time when the incoming frame is trapped, extracting the L2 header, an L3 header, and the payload from the incoming frame, forwarding the L3 header and the payload towards a redirection server executing on the network device, wherein the redirection server is configured to generate a redirection response based on the payload; encapsulating the redirection response to obtain an L3 response packet, encapsulating the L3 response packet using information from the L2 header to obtain an output frame, and transmitting the output frame towards the host.