System and method for dynamically constructing packet classification rules
First Claim
1. A system for providing a service to a packet based network, the service applying classifications that use arbitrary combinations of extracted packet header information, the system comprising:
- a processor having instructions to extract predetermined header information from a packet and further having instructions to perform table look-ups with the header information;
a first data structure that provides a longest match value for processor table look-ups;
a second data structure that provides a first match value for processor table look-ups of combinations of longest match values, the first match value determining a classification for the packet.
11 Assignments
0 Petitions
Accused Products
Abstract
A system and method classifies packets with a programmably fixed network processor program and dynamically updated data structures. The network processor program selects predetermined packet field values of the packets transmitted across the network and classifies the packets by matching one or more packet field values with a data structure. New packet classifications are dynamically created by updating the data structure to associate one or more predetermined packet field values with the new packet classification. For instance, a parse tree program extracts packet header information and matches the packet header information to the data structure. A pattern tree data structure provides longest prefix matches and an ordered tree data structure provides combination matches so that classification of arbitrary Boolean combinations of extracted header fields can be formed.
-
Citations
22 Claims
-
1. A system for providing a service to a packet based network, the service applying classifications that use arbitrary combinations of extracted packet header information, the system comprising:
-
a processor having instructions to extract predetermined header information from a packet and further having instructions to perform table look-ups with the header information;
a first data structure that provides a longest match value for processor table look-ups;
a second data structure that provides a first match value for processor table look-ups of combinations of longest match values, the first match value determining a classification for the packet. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method for classifying packets transmitted across a network, the method comprising:
-
selecting predetermined packet field values from the packets;
classifying the packets by matching one or more packet field values with a data structure; and
dynamically creating a new packet classification by modifying the data structure to associate one or more of the predetermined packet field values with the new packet classification. - View Dependent Claims (14, 15, 16, 17, 18, 19)
-
-
20. A system for classifying packets comprising:
-
a network processor having programmably fixed instructions that select values from predetermined packet fields;
a data structure that associates one or more packet field values with a classification; and
a data structure modifier interfaced with the data structure and operable to modify the data structure to define one or more classifications, each classification associated with one or more packet field values. - View Dependent Claims (21, 22)
-
Specification