H04L2101/663

Enforcing security policies on mobile devices in a hybrid architecture
20200336484 · 2020-10-22

Systems and methods include intercepting traffic on a mobile device based on a set of rules; determining whether a connection associated with the traffic is allowed based on a local map associated with an application; responsive to the connection being allowed or blocked based on the local map, one of forwarding the traffic associated with the connection when allowed and generating a block of the connection at the mobile device when blocked; and, responsive to the connection not having an entry in the local map, forwarding a request for the connection to a cloud-based system for processing therein. The cloud-based system is configured to allow or block the connection based on the connection not having an entry in the local map.

INFORMATION PROCESSING APPARATUS, AND NON-TRANSITORY COMPUTER READABLE RECORDING MEDIUM THAT STORES PACKET PATTERN CREATION PROGRAM
20200329126 · 2020-10-15

An information processing apparatus includes: a sub controller; a main controller; and a communication interface, the main controller being configured to detect a trigger to start the sleep mode, then create port-dependent TCP packet patterns and port-dependent UDP packet patterns, the port-dependent TCP packet patterns being packet patterns specifying all in-use TCP ports, the port-dependent UDP packet patterns being packet patterns specifying all in-use UDP ports, determine that a total number of the port-dependent UDP packet patterns and the port-dependent TCP packet patterns exceeds a maximum value, then delete all the port-dependent TCP packet patterns, create port-independent TCP packet patterns for different TCP protocols, respectively, the port-independent TCP packet pattern being one packet pattern specifying no TCP port, and supply the port-dependent UDP packet patterns and the port-independent TCP packet patterns to the sub controller, and start the sleep mode.

COMMUNICATION SYSTEM
20200322787 · 2020-10-08

A system is disclosed in which a base station obtains i) an identifier for identifying a base station and/or a cell and ii) a tracking area code associated with an area in which a plurality of base stations/cells operate including the base station/cell to which the identifier relates. The base station is configured to use the obtained identifier in combination with the tracking area code for uniquely identifying the base station/cell in a subsequent procedure relating to that base station/cell.

DOORBELL COMMUNICATION SYSTEMS AND METHODS

The disclosure includes a doorbell having a visitor detection system that can comprise at least one of a camera, a microphone, and a motion detector. The method for using the doorbell can comprise recording, via the camera, video data that represents a video. The method can also comprise recording, via the microphone, audio data that represents audio. The method of using the doorbell can comprise transmitting at least a portion of the video data and at least a portion of the audio data, to a remote computing device that is communicatively coupled to the doorbell. The method can also comprise transmitting the video data and the audio data to a remote server that is communicatively coupled to the doorbell.

Edge datapath using user-kernel transports

A novel design of a gateway that handles traffic in and out of a network by using a datapath daemon is provided. The datapath daemon is a run-to-completion process that performs various data-plane packet-processing operations at the edge of the network. In some embodiments, the datapath daemon dispatches packets to other processes or processing threads outside of the daemon. In some embodiments, the datapath daemon dispatches packets to a kernel network stack in order to support packet traffic monitoring.

DATAPATH FOR MULTIPLE TENANTS
20200287843 · 2020-09-10

A novel design of a gateway that handles traffic in and out of a network by using a datapath pipeline is provided. The datapath pipeline includes multiple stages for performing various data-plane packet-processing operations at the edge of the network. The processing stages include centralized routing stages and distributed routing stages. The processing stages can include service-providing stages such as NAT and firewall. The gateway caches the result of previous packet operations and reapplies the result to subsequent packets that meet certain criteria. For packets that do not have an applicable or valid result from previous packet processing operations, the gateway datapath daemon executes the pipelined packet processing stages and records a set of data from each stage of the pipeline and synthesizes those data into a cache entry for subsequent packets.

METHOD AND APPARATUS FOR PROCESSING DATA
20200274897 · 2020-08-27

Embodiments of the present disclosure relate to a method and apparatus for processing data. A method may include: receiving an access request to access a target domain name; converting the target domain name into a preset high defense domain name; querying an IP corresponding to the high defense domain name in a domain name system; and sending the access request according to the IP corresponding to the high defense domain name; where in a case that an EIP corresponding to the target domain name enables a black hole, the IP corresponding to the high defense domain name in the domain name system is a preset high defense IP, and in a case that the EIP corresponding to the target domain name closes the black hole, the IP corresponding to the high defense domain name in the domain name system is the EIP of the target domain name.

Just in time transcoding and packaging in IPV6 networks

A method and apparatus for delivering requested content over a network is described. The method includes receiving, by a first network node, a request from a second network node for the requested content, the request comprising an IPv6 address associated with the requested content. A longest prefix match is then performed between the IPv6 address associated with the requested content and IPv6 addresses associated with content available at the first network node. In the event that the longest prefix match does not result in an exact match between the IPv6 address associated with the requested content and any of the IPv6 addresses associated with content available at the first network node, the request is routed towards a content variant suitable for transcoding to the requested content, the content variant being stored at the first network node.

LOGICAL ROUTER WITH MULTIPLE ROUTING COMPONENTS

Some embodiments provide a method for handling failure at one of several peer centralized components of a logical router. At a first one of the peer centralized components of the logical router, the method detects that a second one of the peer centralized components has failed. In response to the detection, the method automatically identifies a network layer address of the failed second peer. The method assumes responsibility for data traffic to the failed peer by broadcasting a message on a logical switch that connects all of the peer centralized components and a distributed component of the logical router. The message instructs recipients to associate the identified network layer address with a data link layer address of the first peer centralized component.

Use of DHCP for location information of a user device for automatic traffic forwarding
20200259831 · 2020-08-13

Systems and methods implemented by an application executed on a user device for service discovery and connectivity include, responsive to joining a new network, performing a Dynamic Host Configuration Protocol (DHCP) operation to obtain network configuration parameters; receiving a DHCP message in response with the network configuration parameters; via an application executed on the user device for service discovery and connectivity analyzing data in the DHCP message to determine one or more forwarding profiles on the new network, wherein the one or more forwarding profiles are based on a location or trust of the new network; and automatically installing the determined one or more forwarding profiles.