FILTERING NETWORK DATA TRANSFERS
Abstract
Aspects of this disclosure relate to filtering network data transfers. In some variations, multiple packets may be received. A determination may be made that a portion of the packets have packet header field values corresponding to a packet filtering rule. Responsive to such a determination, an operator specified by the packet filtering rule may be applied to the portion of packets having the packet header field values corresponding to the packet filtering rule. A further determination may be made that one or more of the portion of the packets have one or more application header field values corresponding to one or more application header field criteria specified by the operator. Responsive to such a determination, at least one packet transformation function specified by the operator may be applied to the one or more of the portion of the packets.
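The two-stage flow described in the abstract (a header-field match selects a rule, then the rule's operator tests application header fields and picks a packet transformation function), as an added sketch that is not code from the patent. HTTP as the application protocol, the PUT/POST criteria, the default drop for unmatched packets, and every name and sample packet are assumptions made for illustration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "src dst proto dport payload")
# A rule pairs packet header criteria with an operator (dport None = any port).
Rule = namedtuple("Rule", "src_net dst_net proto dport operator")

def drop(pkt):       # packet transformation function: discard
    return None

def forward(pkt):    # packet transformation function: pass unchanged
    return pkt

def http_method(payload):
    """Application header field: the HTTP request method, or None if absent."""
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    ok = len(parts) == 3 and parts[2].startswith(b"HTTP/")
    return parts[0].decode("ascii", "replace") if ok else None

def block_uploads(pkt):
    """Operator (hypothetical): choose a transformation from application header criteria."""
    return drop if http_method(pkt.payload) in {"PUT", "POST"} else forward

def header_match(rule, pkt):
    """Stage 1: compare packet header field values against the rule."""
    return (ip_address(pkt.src) in ip_network(rule.src_net)
            and ip_address(pkt.dst) in ip_network(rule.dst_net)
            and pkt.proto == rule.proto
            and rule.dport in (None, pkt.dport))

def filter_packets(packets, rules, default=drop):
    """Return the packets forwarded toward the second network.
    Packets matching no rule get `default` (drop here, an assumption)."""
    out = []
    for pkt in packets:
        rule = next((r for r in rules if header_match(r, pkt)), None)
        transform = rule.operator(pkt) if rule else default  # stage 2
        if (result := transform(pkt)) is not None:
            out.append(result)
    return out

# Constructed rule and packets: first network 10.0.0.0/8, outbound HTTP on port 80.
RULES = [Rule("10.0.0.0/8", "0.0.0.0/0", "tcp", 80, block_uploads)]
SAMPLE = [
    Packet("10.1.2.3", "203.0.113.9", "tcp", 80, b"GET /index.html HTTP/1.1\r\n\r\n"),
    Packet("10.1.2.3", "203.0.113.9", "tcp", 80, b"POST /upload HTTP/1.1\r\n\r\n"),
    Packet("10.1.2.3", "203.0.113.9", "udp", 53, b"\x12\x34"),
]
```

The sketch inspects each packet on its own and does no TCP reassembly, so it models the rule and operator structure rather than a deployable filter.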
40 Claims
1-20. (canceled)
21. A method comprising:
receiving, by a computing system and from a computing device located in a first network, a plurality of packets; responsive to a determination by the computing system that a first packet of the plurality of packets comprises data corresponding to criteria specified by one or more packet-filtering rules configured to prevent a particular type of data transfer from the first network to a second network; applying, by the computing system and to the first packet, an operator, specified by the one or more packet-filtering rules, configured to drop packets associated with the particular type of data transfer; and dropping, by the computing system, the first packet; and responsive to a determination by the computing system that a second packet of the plurality of packets comprises data that does not correspond to the criteria; applying, by the computing system and to the second packet, an operator, specified by the one or more packet-filtering rules, configured to forward packets not associated with the particular type of data transfer toward the second network; and forwarding, by the computing system, the second packet toward the second network.
39. A system comprising:
at least one processor; and a memory storing instructions that when executed by the at least one processor cause the system to; receive, from a computing device located in a first network, a plurality of packets; responsive to a determination that a first packet of the plurality of packets comprises data corresponding to criteria specified by one or more packet-filtering rules configured to prevent a particular type of data transfer from the first network to a second network; apply, to the first packet, an operator, specified by the one or more packet-filtering rules, configured to drop packets associated with the particular type of data transfer; and drop the first packet; and responsive to a determination that a second packet of the plurality of packets comprises data that does not correspond to the criteria; apply, to the second packet, an operator, specified by the one or more packet-filtering rules, configured to forward packets not associated with the particular type of data transfer toward the second network; and forward the second packet toward the second network.
40. One or more non-transitory computer-readable media comprising instructions that when executed by one or more computing devices cause the one or more computing devices to:
receive, from a computing device located in a first network, a plurality of packets; responsive to a determination that a first packet of the plurality of packets comprises data corresponding to criteria specified by one or more packet-filtering rules configured to prevent a particular type of data transfer from the first network to a second network; apply, to the first packet, an operator, specified by the one or more packet-filtering rules, configured to drop packets associated with the particular type of data transfer; and drop the first packet; and responsive to a determination that a second packet of the plurality of packets comprises data that does not correspond to the criteria; apply, to the second packet, an operator, specified by the one or more packet-filtering rules, configured to forward packets not associated with the particular type of data transfer toward the second network; and forward the second packet toward the second network.
Specification