Internet protocol address filtering methods and apparatus
First Claim
1. A method comprising:
- receiving a data packet, determining an IP address of the data packet, accessing an IP address map that stores set membership values indicative of whether an IP address is a member of a set of IP addresses for every possible IP address within an IP address space of the IP address, to determine set membership for the IP address of the data packet; and
determining a further action to be performed on the packet based on the set membership that is determined for the IP address of the data packet, wherein the determining comprises selecting between a preferred treatment action for the data packet based on the IP address of the data packet being a member of the set of IP addresses and a next stage of processing based on the IP address of the data packet not being a member of the set of IP addresses.
1 Assignment
0 Petitions
Accused Products
Abstract
An IP address of a received data packet is determined. An IP address map that stores set membership values indicative of whether an IP address is a member of a set of IP addresses, for every possible IP address within an IP address space of the IP address, is accessed to determine set membership for the IP address of the data packet. A further action to be performed on the packet is determined based on the set membership that is determined for the IP address of the data packet. Embodiments could be applied to source IP address filtering, destination IP address filtering, or both. Blacklist and whitelist embodiments, and associated further actions that could be applied to packets in such embodiments, are contemplated.
4 Citations
20 Claims
-
1. A method comprising:
- receiving a data packet, determining an IP address of the data packet, accessing an IP address map that stores set membership values indicative of whether an IP address is a member of a set of IP addresses for every possible IP address within an IP address space of the IP address, to determine set membership for the IP address of the data packet; and
determining a further action to be performed on the packet based on the set membership that is determined for the IP address of the data packet, wherein the determining comprises selecting between a preferred treatment action for the data packet based on the IP address of the data packet being a member of the set of IP addresses and a next stage of processing based on the IP address of the data packet not being a member of the set of IP addresses. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- receiving a data packet, determining an IP address of the data packet, accessing an IP address map that stores set membership values indicative of whether an IP address is a member of a set of IP addresses for every possible IP address within an IP address space of the IP address, to determine set membership for the IP address of the data packet; and
-
16. An apparatus comprising:
- an interface to receive a data packet;
a map memory storing set membership values indicative of whether an IP address is a member of a set of IP addresses for every possible IP address within an IP address space of the IP address; and
a packet processor coupled to the interface and to the map memory to determine an IP address of the data packet, to access the map memory and determine set membership for the IP address of the data packet, and to determine a further action to be performed on the packet based on the set membership that is determined for the IP address of the data packet, wherein the packet processor is configured to determine the further action by selecting between a set membership action for the data packet based on the IP address of the data packet being a member of the set of IP addresses and a next stage of processing based on the IP address of the data packet not being a member of the set IP addresses. - View Dependent Claims (17, 18, 19, 20)
- an interface to receive a data packet;
Specification