H04L47/40

Communications method, apparatus, and system for recovering lost packets

This application discloses a communications method and related communications apparatus and system. The method includes recovering, by a first node, when detecting that a first packet is lost, the first packet according to a local recovery mechanism. The first packet is a packet obtained based on a packet sent by at least one first terminal to at least one second terminal, and the first node is a node on a network path between each first terminal and a second terminal communicating with the first terminal. The method further includes adding first identification information related to local recovery, and sending the first packet. This application can reduce a transmission delay and improve transmission efficiency.

System, method, and recording medium for queue management in a forwarder

A queue management method, system, and recording medium include a queue examining device configured to examine a reverse flow queue from a forwarder for an acknowledged packet and a dropping device configured to drop a packet in a forward flow queue if the packet in the forward flow queue includes the acknowledged packet in the reverse flow queue.

METHOD AND DEVICE FOR SENDING DATA PACKETS ON A FIRST AND A SECOND LINKS
20190288937 · 2019-09-19

In a context of transient disturbance occurring at a networking equipment receiving and forwarding data packets on a plurality of links according to a scheduling policy, a salient idea is to detect retransmitted packets among the received packets, the retransmitted packets being received by the networking equipment, corresponding to retransmissions of packets previously received and forwarded by the networking equipment on one of the links. The retransmissions of the packet, previously forwarded on one of the links, are representative of a disturbance of the link and the scheduling policy is advantageously adjusted to balance at least a part of the data traffic from that link to the other links.

SYSTEM AND METHOD FOR MANAGING DATA TRANSFER BETWEEN TWO DIFFERENT DATA STREAM PROTOCOLS
20190274068 · 2019-09-05

Disclosed is a method that includes treating, at an access point, a data flow between a first station and a second station during a first period of time as a non-fast flow. After a condition is met, the method includes marking the data flow as a fastACK flow during a second period of time and, during the second period of time, storing data frames in the data flow at the access point to yield stored data frames. Next, the method includes generating a spoofed TCP acknowledgment signal on behalf of the first station and associated with the stored data frames and transmitting the spoofed TCP acknowledgment signal to the second station.

TRANSPARENT MIDDLEBOX GRACEFUL ENTRY AND EXIT
20190190787 · 2019-06-20

Middleboxes include a processor configured to determine a degree of mismatch between a sequence number in a first connection between the middlebox and a client device and a sequence number in a second connection between the middlebox and a server device. A network control module is configured to delay acknowledgment signals from the middlebox on a connection to decrease the degree of mismatch between sequence numbers and to establish a direct connection between the client device and the server device without mediation by the middlebox upon a determination that the degree of mismatch between sequence numbers is zero.

System and method for managing data transfer between two different data stream protocols

Disclosed is a method that includes treating, at an access point, a data flow between a first station and a second station during a first period of time as a non-fast flow. After a condition is met, the method includes marking the data flow as a fastACK flow during a second period of time and, during the second period of time, storing data frames in the data flow at the access point to yield stored data frames. Next, the method includes generating a spoofed TCP acknowledgment signal on behalf of the first station and associated with the stored data frames and transmitting the spoofed TCP acknowledgment signal to the second station.

Transparent middlebox graceful entry and exit

Middleboxes include a processor configured to determine that a network connection between a client device and a server device is idle. A connection table is configured to create a first connection entry at the middlebox for the client device and a second connection entry at the middlebox for the server device. The first and second connection entries are initialized after determining that the network connection between the client device and the server device is idle. A network control module is configured to activate redirection of the network connection between the client device and the server device to the middlebox after determining that the network connection between the client device and the server device is idle.

Packet classification using multi-dimensional splitting

A computer-implemented method classifies a packet received from a network. The method comprises receiving the packet having header information and a rule-set that indicates a plurality of actions to perform on the packet. A geometric representation of the rule-set is constructed having a plurality of dimensions and rule boundaries. At least one rule boundary and dimension of the geometric representation is split to form a search structure having a plurality of nodes. Each node in the plurality of nodes is constrained to a predetermined memory threshold. The search structure is searched using the header information to obtain a rule in the rule-set that indicates an action to take on the packet.

NEURAL NETWORK BASED SPOOFING DETECTION

Methods and systems for mitigating a spoofing-based attack include calculating a travel distance between a source Internet Protocol (IP) address and a target IP address from a received packet based on time-to-live information from the received packet. An expected travel distance between the source IP address and the target IP address is estimated based on a sparse set of known source/target distances. It is determined that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security action is performed responsive to the determination that the received packet has a spoofed source IP address.

NETWORK ENDPOINT SPOOFING DETECTION AND MITIGATION

Endpoint security systems and methods include a distance estimation module configured to calculate a travel distance between a source Internet Protocol (IP) address and an IP address for a target network endpoint system from a received packet received by the target network endpoint system based on time-to-live (TTL) information from the received packet. A machine learning model is configured to estimate an expected travel distance between the source IP address and the target network endpoint system IP address based on a sparse set of known source/target distances. A spoof detection module is configured to determine that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security module is configured to perform a security action at the target network endpoint system responsive to the determination that the received packet has a spoofed source IP address.