Edge adapter apparatus and method
Abstract
An apparatus and method for enhancing the infrastructure of a network such as the Internet is disclosed. A packet interceptor/processor apparatus is coupled with the network so as to be able to intercept and process packets flowing over the network. Further, the apparatus provides external connectivity to other devices that wish to intercept packets as well. The apparatus applies one or more rules to the intercepted packets which execute one or more functions on a dynamically specified portion of the packet and take one or more actions with the packets. The apparatus is capable of analyzing any portion of the packet including the header and payload. Actions include releasing the packet unmodified, deleting the packet, modifying the packet, logging/storing information about the packet or forwarding the packet to an external device for subsequent processing. Further, the rules may be dynamically modified by the external devices.
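The pipeline in the abstract can be modelled in a few lines of Python; this is an added illustration, not part of the patent text. All class, field and rule names are assumptions, the traffic is constructed sample data, and only the delete, modify and log actions are modelled. The "dynamically specified portion" is a function that computes a payload slice per packet, so the payload rule sees only that span.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

@dataclass
class Packet:
    header: dict      # parsed header fields, e.g. {"dst_port": 80}
    payload: bytes    # application data layer

@dataclass
class Rule:
    header_match: Callable[[dict], bool]     # first rule: header analysis
    portion: Callable[[Packet], slice]       # picks the payload span per packet
    payload_match: Callable[[bytes], bool]   # second rule: applied to that span only
    action: str                              # third rule: delete | modify | log
    rewrite: Optional[Callable[[bytes], bytes]] = None

@dataclass
class Interceptor:
    rules: list = field(default_factory=list)   # may be changed while running
    log: list = field(default_factory=list)

    def process(self, pkt: Packet) -> Optional[Packet]:  # None means withheld
        for rule in self.rules:
            if not rule.header_match(pkt.header):
                continue
            span = pkt.payload[rule.portion(pkt)]
            if not rule.payload_match(span):
                continue
            if rule.action == "delete":
                return None
            if rule.action == "modify":
                return Packet(pkt.header, rule.rewrite(pkt.payload))
            if rule.action == "log":
                self.log.append((pkt.header, span))
            return pkt
        return pkt  # no rule matched: release unmodified

def request_line(pkt: Packet) -> slice:
    """Dynamic portion: bytes up to the first CRLF, or the whole payload if none."""
    end = pkt.payload.find(b"\r\n")
    return slice(0, end if end >= 0 else len(pkt.payload))

box = Interceptor([  # constructed sample rules; constructed sample traffic below
    Rule(lambda h: h.get("dst_port") == 80, request_line, lambda b: b"/admin" in b, "delete"),
    Rule(lambda h: h.get("dst_port") == 80, request_line, lambda b: b.startswith(b"POST"), "log"),
])
blocked = box.process(Packet({"dst_port": 80}, b"GET /admin HTTP/1.1\r\nHost: a\r\n\r\n"))
passed = box.process(Packet({"dst_port": 80}, b"GET / HTTP/1.1\r\nX-Note: /admin\r\n\r\n"))
logged = box.process(Packet({"dst_port": 80}, b"POST /form HTTP/1.1\r\n\r\n"))
```

The second sample is released even though `/admin` appears in it, because the match falls outside the span the rule selected.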
111 Claims
1. A method of processing a first data packet transmitted over a network from a source to a first recipient, said first data packet comprising a header layer and an application data layer, said method comprising:
(a) capturing said first data packet from said network prior to its reception by said first recipient;
(b) analyzing said header layer of said first data packet according to a first rule;
(c) examining, selectively, a dynamically specified portion of said application data layer of said first data packet according to a second rule;
(d) determining a first action to be taken on said first data packet according to a third rule; and
(e) performing said first action on said first data packet.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 46

41. A method of processing a first data packet directed to a first recipient over a network, said first data packet comprising header data and application data, said method comprising:
(a) intercepting said first data packet prior to receipt by said first recipient;
(b) capturing said first data packet in a buffer;
(c) analyzing, selectively, said header data according to a first rule;
(d) analyzing, selectively, a dynamically specified portion of said application data according to a second rule;
(e) copying, selectively, said first data packet and forwarding, selectively, said copied first data packet to a second recipient different from said first recipient according to a third rule;
(f) releasing, selectively, said first data packet back to said network according to a fourth rule;
(g) modifying, selectively, said first data packet and releasing, selectively, said modified first data packet back to said network according to a fifth rule;
(h) deleting, selectively, said first data packet from said buffer according to a sixth rule; and
(i) storing, selectively, information about said first data packet according to a seventh rule.
Dependent claims: 42, 43, 44, 45, 47, 48, 49

50. An apparatus for processing a first packet transmitted over a network from a source to a first destination, said first packet comprising a header layer and an application data layer, said apparatus comprising:
a network interface operative to receive said first packet from said source;
a routing processor coupled with said network interface and operative to receive said first packet from said network interface and convey said first packet to said first destination; and
a packet processor coupled with said network interface and said routing processor, said packet processor comprising;
a packet analyzer operative to analyze said header layer according to a first rule and selectively analyze a dynamically specified portion of said application data layer according to a second rule; and
a packet redirector coupled with said packet analyzer and said routing processor and operative to selectively perform an action on said first packet according to a third rule prior to said conveyance by said routing processor.
Dependent claims: 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71

72. An adapter for a router comprising:
a router interface operative to couple said adapter with said router;
a packet processor coupled with said router interface and operative to intercept a first packet prior to receipt by said router, said packet processor further comprising;
a buffer operative to receive and store said first packet for processing;
first logic coupled with said buffer, said first logic operative to apply a first function to a header layer of said first packet and produce a first result;
second logic coupled with said buffer, said second logic operative to apply a second function to a dynamically specified portion of said application data layer of said first packet and produce a second result; and
third logic coupled with said buffer and said first and second logic, said third logic operative to perform an operation on said first packet using a third function and said first and second results.
Dependent claims: 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89

90. A system for facilitating a non-invasive interface to a network comprising:
a router coupled with said network and operative to route a first packet from a first source to a first destination; and
a packet processor coupled with said router and operative to receive said first packet from said first source and process said first packet prior to routing by said router, said packet processor including;
a rule set comprising first, second and third rules;
first logic operative to analyze a header layer of said first packet according to said first rule;
second logic operative to analyze a dynamically specified portion of said application data layer of said first packet according to said second rule;
third logic operative to perform a function on said first packet according to said third rule; and
an external interface operative to transparently couple a first external device to said packet processor.
Dependent claims: 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107

108. An edge server coupled between a point-of-presence (“POP”) and a network and operative to monitor a network traffic stream passing between said POP and said network, said edge server comprising;
a traffic interceptor operative to selectively intercept said network traffic stream between said POP and said network prior to said network traffic stream reaching its intended destination; and
a traffic modifier operative to modify said selectively intercepted traffic and reinsert said modified selectively intercepted traffic into said network.
Dependent claims: 109, 110, 111
Specification