Firewall for filtering tunneled data packets
Abstract
A method of filtering a tunneled data packet comprising an outer header and an outer payload, the outer payload comprising an inner data packet comprising an inner header and an inner payload, where the value of at least one outer header field of the tunneled data packet is matched to a first rule, and the action defined in the first rule is taken. Taking the action defined in the first rule comprises detecting the inner data packet within the tunneled data packet, matching the value of at least one field of the inner data packet to a second rule, and taking the action defined in the second rule.
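The two-stage match described in the abstract, sketched as an added example (not code from the patent or its assignee). It assumes IPv4-in-IPv4 encapsulation (protocol 4) as the tunnel type, which the page does not specify; the rule format, action names and addresses are constructed for illustration.

```python
import ipaddress
import struct

IPIP, TCP = 4, 6  # IANA protocol numbers: IPv4-in-IPv4 encapsulation, TCP

def parse_ipv4(buf):
    """Return (fields, payload) for an IPv4 packet, or None if malformed."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        return None
    ihl, total = (buf[0] & 0x0F) * 4, struct.unpack("!H", buf[2:4])[0]
    if ihl < 20 or total < ihl or total > len(buf):
        return None
    fields = {"proto": buf[9], "src": ipaddress.ip_address(buf[12:16]),
              "dst": ipaddress.ip_address(buf[16:20])}
    return fields, buf[ihl:total]

def first_action(rules, fields):
    """Action of the first rule whose listed fields all match; default is drop."""
    def ok(want, got):
        if isinstance(want, ipaddress.IPv4Network):
            return got is not None and got in want
        return got == want
    for rule in rules:
        if all(ok(w, fields.get(k)) for k, w in rule["match"].items()):
            return rule["action"]
    return "drop"

def filter_packet(buf, outer_rules, inner_rules):
    outer = parse_ipv4(buf)
    if outer is None:
        return "drop"
    action = first_action(outer_rules, outer[0])  # first rule: outer header fields
    if action != "inspect_inner":
        return action
    inner = parse_ipv4(outer[1])                  # detect the inner packet
    if inner is None:
        return "drop"                             # outer payload is not a valid packet
    fields, payload = inner
    if fields["proto"] == TCP and len(payload) >= 4:
        fields["sport"], fields["dport"] = struct.unpack("!HH", payload[:4])
    return first_action(inner_rules, fields)      # second rule: inner packet fields

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (constructed sample data, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload

# Constructed rule sets using documentation address ranges (assumptions).
OUTER_RULES = [{"match": {"proto": IPIP, "src": ipaddress.ip_network("198.51.100.0/24")},
                "action": "inspect_inner"}]
INNER_RULES = [{"match": {"dst": ipaddress.ip_network("10.0.0.0/8"), "proto": TCP,
                          "dport": 443}, "action": "accept"}]
```

The sketch drops any tunneled packet whose payload does not parse as a complete inner packet, so fragmented tunnel traffic would need reassembly before this check.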
11 Claims
1. A method of filtering a data packet, comprising
receiving a tunneled data packet comprising an outer header and an outer payload, the outer payload comprising an inner data packet comprising an inner header and an inner payload, matching the value of at least one outer header field of the tunneled data packet to a first rule, and taking the action defined in the first rule comprising detecting the inner data packet within the tunneled data packet, matching the value of at least one field of the inner data packet to a second rule, and taking the action defined in the second rule.
10. A network gateway comprising
a mechanism for receiving a tunneled data packet comprising an outer header and an outer payload, the outer payload comprising an inner data packet comprising an inner header and an inner payload, a mechanism for matching the value of at least one outer header field of the tunneled data packet to a first rule, and a mechanism for taking the action defined in the first rule comprising a mechanism for detecting the inner data packet within the tunneled data packet, a mechanism for matching the value of at least one field of the inner data packet to a second rule, and a mechanism for taking the action defined in the second rule.
11. A computer-readable medium, containing a computer software which, when executed in a computer device, causes the computer device to provide a routine of filtering a data packet comprising
receiving a tunneled data packet comprising an outer header and an outer payload, the outer payload comprising an inner data packet comprising an inner header and an inner payload, matching the value of at least one outer header field of the tunneled data packet to a first rule, and taking the action defined in the first rule comprising detecting the inner data packet within the tunneled data packet, matching the value of at least one field of the inner data packet to a second rule, and taking the action defined in the second rule.
Specification