Stateful flow of network packets within a packet parsing processor

US 20050238022A1
Filed: 08/25/2004
Published: 10/27/2005
Est. Priority Date: 04/26/2004
Status: Active Grant

First Claim

Patent Images

1. A method of providing stateful flow of a byte stream having portions across a plurality of related network packets in a packet parsing processor, the method comprising:

receiving a network packet having a portion of the byte stream;

determining that the network packet is from the plurality of network packets based on header information in the network packet;

retrieving a parsing context based on the header information, the parsing context comprising a current parsing state of the byte stream; and

performing instruction-driver packet parsing on the first portion responsive to the current parsing state.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a packet processing device and method. A parsing processor provides instruction-driven content inspection of network packets at 10-Gbps and above with a parsing engine that executes parsing instructions. A flow state unit maintains statefulness of packet flows to allow content inspection across several related network packets. A state-graph unit traces -state-graph nodes to keyword indications and/or parsing instructions. The parsing instructions can be derived from a high-level application to emulate user-friendly parsing logic. The parsing processor sends parsed packets to a network processor unit for further processing.

Citations

30 Claims

1. A method of providing stateful flow of a byte stream having portions across a plurality of related network packets in a packet parsing processor, the method comprising:
- receiving a network packet having a portion of the byte stream;
  
  determining that the network packet is from the plurality of network packets based on header information in the network packet;
  
  retrieving a parsing context based on the header information, the parsing context comprising a current parsing state of the byte stream; and
  
  performing instruction-driver packet parsing on the first portion responsive to the current parsing state.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - prior to receiving the network packet, storing the parsing context in association with header information based on one or more packets from the plurality of related network packets.
  - 3. The method of claim 2, wherein the current parsing state comprises a parsing instruction.
  - 4. The method of claim 2, wherein the current parsing state comprises a plurality of potential next parsing states.
  - 5. The method of claim 1, wherein determining that the network packet is from the plurality of network packets comprises:
    - determining a sequence information of the network packet based on header information in the network packet, the sequence information identifying the plurality of related network packets.
  - 6. The method of claim 1, wherein the packet parsing processor is contained within a network device, the network device coupled to receive the plurality of related network packets from a network capable of operating at 10-Gbps or above, the network device performing one from the group containing:
    - data packet routing, data packet forwarding, and data packet bridging.
  - 7. The method of claim 1, wherein packet parsing supports one from the group containing:
    - intrusion detection, quality of service, application recognition, virus detection, and an application-level firewall.

8. A method of providing stateful flow of a byte stream having portions across a plurality of related network in a packet parsing processor with an integrated flow state unit, the method comprising:
- receiving a first network packet having a first portion of a byte stream from the plurality of related network packets;
  
  storing a sequence information of the plurality of related network packets based on header information in the first network packet, the sequence information identifying the plurality of related network packets;
  
  performing instruction-driven packet parsing on the first portion responsive to parsing instructions that traverse nodes of a state machine including memory locations representative of current parsing states and next parsing states;
  
  storing a parsing context associated with the sequence information, the parsing context including a current parsing state of the byte stream and a plurality of potential next parsing states;
  
  receiving a second network packet having a second portion of the byte stream;
  
  determining that the second network packet is from the plurality of network packets based on the sequence information derived from header information in the second network packet;
  
  retrieving the parsing context based on the sequence information; and
  
  performing instruction-driver packet parsing on the second portion responsive to the current parsing state.

9. A packet parsing processor, comprising:
- a parsing engine having an input to receive a signal representing a network packet having a portion of a byte stream from a plurality of related network packets having portions of the byte stream, the parsing engine determining that the network packet is from the plurality of related network packets based on header information in the network packet; and
  
  a state flow unit, having an input/output coupled to an input/output of the parsing engine, the state flow unit to retrieve a parsing context based on the header information, the parsing context comprising a current parsing state of the byte stream, wherein the parsing engine performs instruction-driver packet parsing on the portion responsive to at least the current parsing state.

10. The packet parsing processor of claim 0, wherein prior to the parsing engine receiving the network packet, the state flow unit stores the parsing context in association with header information based on one or more packets from the plurality of related network packets.
- View Dependent Claims (11, 12)
- - 11. The packet parsing processor of claim 10, wherein the current parsing state comprises a parsing instruction.
  - 12. The packet parsing processor of claim 10, wherein the current parsing state comprises a plurality of potential next parsing states.

13. The packet parsing processor of claim 0, further comprising:
- a sequencer, having an output coupled to the input of the parsing engine, the sequencer to determine sequence information of the network packet based on header information in the network packet, the sequence information identifying the plurality of related network packets.

14. The packet parsing processor of claim 0, wherein the packet parsing processor is contained within a network device, the network device coupled to receive the plurality of related network packets from a network capable of operating at 10-Gbps or above, the network device performing one from the group containing:
- data packet routing, data packet forwarding, and data packet bridging.

15. The packet parsing processor of claim 0, wherein the packet parsing supports one from the group containing:
- intrusion detection, quality of service, application recognition, virus detection, and an application-level firewall.

16. A packet parsing processor, comprising:
- means for parsing to receive a network packet having a portion of the byte stream, the means for parsing determining that the network packet is from the plurality of network packets based on header information in the network packet; and
  
  means for storing, coupled to the means for parsing, the means for storing to retrieve a parsing context based on the header information, the parsing context comprising a current parsing state of the byte stream, wherein the means for parsing performs instruction-driver packet parsing on the portion responsive to at least the current parsing state.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The packet parsing processor of claim 16, wherein prior to receiving the network packet, the means for storing stores the parsing context in association with header information, the parsing context including a current parsing state of the byte stream.
  - 18. The packet parsing processor of claim 17, wherein the current parsing state comprises a parsing instruction.
  - 19. The packet parsing processor of claim 17, wherein the current parsing state comprises a plurality of potential next parsing states.
  - 20. The packet parsing processor of claim 16, further comprising:
    - means for sequencing, coupled to the means for parsing, the means for sequencing to determine a sequence information of the network packet based on header information in the network packet, the sequence information identifying the plurality of related network packets
  - 21. The packet parsing processor of claim 16, wherein the packet parsing processor is contained within a network device, the networking device coupled to receive the plurality of related network packets from a network capable of operating at 10-Gbps or above, the network device performing one from the group containing:
    - data packet routing, data packet forwarding, and data packet bridging.
  - 22. The packet parsing processor of claim 16, wherein the packet parsing supports one from the group containing:
    - intrusion detection, quality of service, application recognition, virus detection, and an application-level firewall.

23. A computer program product, comprising a computer-readable medium having computer program instructions and data embodied thereon for A method of providing stateful flow of a byte stream having portions across a plurality of related network packets in a packet parsing processor, the method comprising:
- receiving a network packet having a portion of the byte stream;
  
  determining that the network packet is from the plurality of network packets based on header information in the network packet;
  
  retrieving a parsing context based on the header information, the parsing context comprising a current parsing state of the byte stream; and
  
  performing instruction-driver packet parsing on the first portion responsive to the current parsing state.
- View Dependent Claims (24, 25, 26, 27, 28, 29)
- - 24. The computer program product of claim 23, further comprising:
    - prior to receiving the network packet, storing the parsing context in association with header information based on one or more packets from the plurality of related network packets.
  - 25. The computer program product of claim 24, wherein the current parsing state comprises a parsing instruction.
  - 26. The computer program product of claim 24, wherein the current parsing state comprises a plurality of potential next parsing states.
  - 27. The computer program product of claim 23, wherein determining that the network packet is from the plurality of network packets comprises:
    - determining a sequence information of the network packet based on header information in the network packet, the sequence information identifying the plurality of related network packets.
  - 28. The computer program product of claim 23, wherein the packet parsing processor is contained within a network device, the network device coupled to receive the plurality of related network packets from a network capable of operating at 10-Gbps or above, the network device performing one from the group containing:
    - data packet routing, data packet forwarding, and data packet bridging.
  - 29. The computer program product of claim 23, wherein packet parsing supports one from the group containing:
    - intrusion detection, quality of service, application recognition, virus detection, and an application-level firewall.

30. A networking device having a processor and a memory, comprising:
- a parsing engine having an input to receive a signal representing a network packet having a portion of a byte stream from a plurality of related network packets having portions of the byte stream, the parsing engine determining that the network packet is from the plurality of related network packets based on header information in the network packet; and
  
  a state flow unit, having an input/output coupled to an input/output of the parsing engine, the state flow unit to retrieve a parsing context based on the header information, the parsing context comprising a current parsing state of the byte stream, wherein the parsing engine performs instruction-driver packet parsing on the portion responsive to at least the current parsing state.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rina Panigrahy
Original Assignee
Rina Panigrahy
Inventors
Panigrahy, Rina

Granted Patent

US 7,957,378 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/392
CPC Class Codes

H04L 63/0254   Stateful filtering

H04L 63/1408   by monitoring network traff...

H04L 69/22   Parsing or analysis of headers

Stateful flow of network packets within a packet parsing processor

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Stateful flow of network packets within a packet parsing processor

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links