Dynamic packet filter utilizing session tracking
Abstract
A novel and useful dynamic packet filter that can be incorporated in a hardware based firewall suitable for use in portable computing devices such as cellular telephones and wireless connected PDAs that are adapted to connect to the Internet. The invention performs dynamic packet filtering on packets received over an input packet stream. The dynamic filter checks dynamic protocol behavior using information extracted from the received packet. Sessions are created and stored in a session database to track the state of communications between the source and destination. Recognition of a session is accelerated by use of a hash table to quickly determine the corresponding session record in the session database. Session related data is read from the session database and the received packet is checked against a set of rules for determination of whether to allow or deny the packet.
Claims (43 total)

1. A method of filtering an input packet stream, said method comprising the steps of:
establishing a session database adapted to store session related data for a plurality of sessions, each session corresponding to a socket;
opening a new session upon receipt of a socket not previously stored in said session database;
recognizing a session associated with a received packet in accordance with its associated socket;
processing the session data corresponding to said received packet in accordance with a plurality of predefined rules to generate processing results; and
deciding whether to allow or deny said received packet in accordance with said processing results.
Dependent claims: 2 through 14.

15. A method of monitoring the state of a communications session, said method comprising the steps of:
establishing a session database adapted to store session related data for a plurality of sessions, each session corresponding to a socket;
recognizing a session in accordance with a first hash calculation on the socket associated with a received packet;
recognizing a hole session in accordance with a second hash calculation on a partial socket associated with said received packet;
reading session data from said session database, said session data associated with either a recognized session or a recognized hole session;
tracking a connection state of said session and checking said state against a plurality of rules to determine whether to allow or deny said received packet; and
writing updated session data back into said session database.
Dependent claims: 16 through 26.
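The abstract and claim 15 describe the procedure abstractly: hash the packet's socket to find its session record, fall back to a second hash over a partial socket to find a "hole" session, check the tracked connection state against rules, and write the updated state back. The following is an added illustration of that procedure in Python; it is not the patent's code. It assumes (the patent text does not say) that the socket is the 5-tuple, that a hole session is an expected but not yet seen inbound connection whose remote source port is unknown, and that the rule set is a small TCP state machine plus an outbound port allow-list. All addresses and ports are constructed sample values.

```python
"""Stateful packet filter with a hash-indexed session database (added example).

Assumptions not in the patent: socket = 5-tuple; a "hole session" is an expected
inbound connection with unknown remote source port; rules = TCP state machine +
outbound port allow-list. Sample addresses are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, Optional, Set, Tuple

Endpoint = Tuple[str, int]
SessionKey = Tuple[Endpoint, Endpoint, str]   # direction-independent full socket
PartialSocket = Tuple[str, str, int, str]     # (src_ip, dst_ip, dst_port, proto)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"
    flags: frozenset = frozenset()   # subset of {"SYN", "ACK", "FIN", "RST"}

    def key(self) -> SessionKey:
        src, dst = (self.src_ip, self.src_port), (self.dst_ip, self.dst_port)
        return (min(src, dst), max(src, dst), self.proto)  # same key in both directions

    def partial_socket(self) -> PartialSocket:
        # Source port wildcarded: the one field an expected inbound connection cannot predict.
        return (self.src_ip, self.dst_ip, self.dst_port, self.proto)


@dataclass
class Session:
    key: SessionKey
    initiator: Endpoint
    proto: str
    state: str = "NEW"             # NEW -> SYN_SENT -> ESTABLISHED -> CLOSING -> CLOSED
    fin_from: Set[Endpoint] = field(default_factory=set)
    packets: int = 0


class DynamicFilter:
    LOCAL_PREFIX = "10.0.0."       # constructed: hosts protected by the filter

    def __init__(self, allowed_outbound_ports: Iterable[int]):
        self.sessions: Dict[int, Session] = {}       # first hash table: full socket
        self.holes: Dict[int, PartialSocket] = {}    # second hash table: partial socket
        self.allowed_outbound_ports = set(allowed_outbound_ports)

    def open_hole(self, remote_ip: str, local_ip: str, local_port: int, proto: str = "tcp") -> None:
        """Expect one inbound connection from remote_ip to local_ip:local_port, any source port."""
        partial = (remote_ip, local_ip, local_port, proto)
        self.holes[hash(partial)] = partial

    def filter(self, pkt: Packet) -> str:
        key = pkt.key()
        sess = self.sessions.get(hash(key))
        if sess is not None and sess.key != key:
            sess = None                              # hash collision: not our session
        if sess is None:
            sess = self._try_open(pkt, key)
            if sess is None:
                return "DENY"
        verdict = self._track(sess, pkt)
        sess.packets += 1
        if sess.state == "CLOSED":
            self.sessions.pop(hash(key), None)       # session management: delete
        else:
            self.sessions[hash(key)] = sess          # write updated session data back
        return verdict

    def _try_open(self, pkt: Packet, key: SessionKey) -> Optional[Session]:
        if pkt.proto == "tcp" and pkt.flags != {"SYN"}:
            return None                              # only a pure SYN may open a TCP session
        partial = pkt.partial_socket()
        if self.holes.get(hash(partial)) == partial:
            del self.holes[hash(partial)]            # a hole is single-use
        elif not self._rules_allow_new(pkt):
            return None
        return Session(key=key, initiator=(pkt.src_ip, pkt.src_port), proto=pkt.proto)

    def _rules_allow_new(self, pkt: Packet) -> bool:
        # Static rule: only locally initiated connections to allow-listed ports.
        return (pkt.src_ip.startswith(self.LOCAL_PREFIX)
                and not pkt.dst_ip.startswith(self.LOCAL_PREFIX)
                and pkt.dst_port in self.allowed_outbound_ports)

    def _track(self, sess: Session, pkt: Packet) -> str:
        if sess.proto != "tcp":
            sess.state = "ESTABLISHED"
            return "ALLOW"
        f, src = pkt.flags, (pkt.src_ip, pkt.src_port)
        from_initiator = src == sess.initiator
        if "RST" in f:
            sess.state = "CLOSED"
            return "ALLOW"
        if sess.state == "NEW" and from_initiator and f == {"SYN"}:
            sess.state = "SYN_SENT"
            return "ALLOW"
        if sess.state == "SYN_SENT":
            if not from_initiator and f == {"SYN", "ACK"}:
                sess.state = "ESTABLISHED"
                return "ALLOW"
            return "ALLOW" if from_initiator and f == {"SYN"} else "DENY"  # SYN retransmit ok
        if sess.state in ("ESTABLISHED", "CLOSING") and "SYN" not in f:
            if "FIN" in f:
                sess.fin_from.add(src)
                sess.state = "CLOSED" if len(sess.fin_from) == 2 else "CLOSING"
            return "ALLOW"
        return "DENY"                                # anything else is out of state
```

Two points a practitioner would check here: the session record is compared against the packet's full socket after the hash lookup, so a hash collision cannot hand a packet to another connection's state; and a SYN arriving inside an established session, or any packet for which no session and no hole exists, is denied rather than silently creating state. The example deletes the session as soon as both sides have sent FIN, so the final ACK of a TCP close would be denied; a production filter keeps a short time-wait entry for that.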

27. A dynamic filter for filtering an input packet stream, comprising:
a session database adapted to store session related data for a plurality of sessions, each session corresponding to a socket;
a session recognition module adapted to search said session database for a session whose associated socket matches that of a received packet;
a session management module adapted to maintain said session database including adding, deleting and modifying sessions in said session database; and
a main filter module operative to track a connection state of the session corresponding to a received packet and checking said connection state against a plurality of rules to determine whether to allow or deny said received packet.
Dependent claims: 28 through 41.

42. A digital computing apparatus, comprising:
communication means adapted to connect said apparatus to a wide area network (WAN);
memory means comprising volatile and non-volatile memory, said non-volatile memory adapted to store one or more application programs;
a processor coupled to said memory means and said communication means for executing said one or more application programs; and
a dynamic filter for filtering an input packet stream, comprising:
a session database adapted to store session related data for a plurality of sessions, each session corresponding to a socket;
a session recognition module adapted to search said session database for a session whose associated socket matches that of a received packet;
a session management module adapted to maintain said session database including adding, deleting and modifying sessions in said session database; and
a main filter module operative to track a connection state of the session corresponding to a received packet and checking said connection state against a plurality of rules to determine whether to allow or deny said received packet.

43. A computer readable storage medium having a computer program embodied thereon for causing a suitably programmed system to search for a plurality of strings by performing the following steps when such program is executed on said system:
establishing a session database adapted to store session related data for a plurality of sessions, each session corresponding to a socket;
opening a new session upon receipt of a socket not previously stored in said session database;
recognizing a session associated with a received packet in accordance with its associated socket;
processing the session data corresponding to said received packet in accordance with a plurality of predefined rules to generate processing results; and
deciding whether to allow or deny said received packet in accordance with said processing results.