FILTERING NETWORK DATA TRANSFERS
First Claim
1. A method comprising:
- receiving, by a computing system comprising memory and at least one processor, a plurality of packets, wherein the plurality of packets comprises a first portion of packets and a second portion of packets;
- determining, based on a packet header field value, whether each packet of the plurality of packets comprises data corresponding to criteria specified by one or more packet-filtering rules;
- responsive to a determination by the computing system that a packet header field value of the first portion of packets comprises data corresponding to criteria specified by the one or more packet-filtering rules configured to prevent a particular type of data transfer, applying, by the computing system and to each packet in the first portion of packets, a first operator, specified by the one or more packet-filtering rules, configured to drop packets associated with the particular type of data transfer;
- determining, based on an application header field value, whether the second portion of packets comprises data corresponding to criteria specified by one or more operators specified by the one or more packet-filtering rules; and
- responsive to determining that the second portion of packets comprises data corresponding to the criteria specified by one or more operators, applying, by the computing system and to each packet in the second portion of packets, at least one packet transformation function configured to allow or block each packet in the second portion of packets from continuing toward its respective destination.
Abstract
Aspects of this disclosure relate to filtering network data transfers. In some variations, multiple packets may be received. A determination may be made that a portion of the packets have packet header field values corresponding to a packet filtering rule. Responsive to such a determination, an operator specified by the packet filtering rule may be applied to the portion of packets having the packet header field values corresponding to the packet filtering rule. A further determination may be made that one or more of the portion of the packets have one or more application header field values corresponding to one or more application header field criteria specified by the operator. Responsive to such a determination, at least one packet transformation function specified by the operator may be applied to the one or more of the portion of the packets.
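The two-stage matching the abstract describes, as an added Python example that is not taken from the patent or its specification. The names `Packet`, `Rule`, `http_method_operator` and `filter_packet`, the choice of the HTTP request method as the application header field, the 203.0.113.0/24 addresses, the default-drop policy and the handling of segments without a request line are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, Optional

@dataclass(frozen=True)
class Packet:  # simplified model of an already-parsed packet (hypothetical)
    dst: str
    dport: int
    proto: str
    payload: bytes = b""

# Packet transformation functions: decide whether the packet continues.
def allow(pkt: Packet) -> str: return "forward"
def block(pkt: Packet) -> str: return "drop"

def http_method(pkt: Packet) -> Optional[str]:
    """Application header field value: HTTP request method, or None."""
    parts = pkt.payload.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) == 3 and parts[2].startswith(b"HTTP/"):
        return parts[0].decode("ascii", "replace")
    return None

def http_method_operator(allowed: set) -> Callable[[Packet], str]:
    """Operator that maps application-header criteria to allow/block."""
    def operator(pkt: Packet) -> str:
        method = http_method(pkt)
        # Assumption of this example: segments without a request line pass.
        if method is None or method in allowed:
            return allow(pkt)
        return block(pkt)
    return operator

@dataclass(frozen=True)
class Rule:
    dst_net: str
    dport: int
    proto: str
    operator: Callable[[Packet], str]

    def matches(self, pkt: Packet) -> bool:  # stage 1: packet header fields
        return (pkt.proto == self.proto and pkt.dport == self.dport
                and ip_address(pkt.dst) in ip_network(self.dst_net))

RULES = [  # constructed policy on documentation address space
    Rule("203.0.113.0/24", 21, "tcp", block),  # drop this transfer type outright
    Rule("203.0.113.0/24", 80, "tcp", http_method_operator({"GET", "HEAD"})),
]

def filter_packet(pkt: Packet, rules=RULES, default=block) -> str:
    for rule in rules:
        if rule.matches(pkt):
            return rule.operator(pkt)  # stage 2 runs inside the operator
    return default(pkt)  # assumption: unmatched traffic is dropped
```

The first rule corresponds to the operator that drops a whole class of transfer on packet header fields alone; the second defers the allow-or-block decision to an application header field.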
20 Claims
1. A method comprising:
- receiving, by a computing system comprising memory and at least one processor, a plurality of packets, wherein the plurality of packets comprises a first portion of packets and a second portion of packets;
- determining, based on a packet header field value, whether each packet of the plurality of packets comprises data corresponding to criteria specified by one or more packet-filtering rules;
- responsive to a determination by the computing system that a packet header field value of the first portion of packets comprises data corresponding to criteria specified by the one or more packet-filtering rules configured to prevent a particular type of data transfer, applying, by the computing system and to each packet in the first portion of packets, a first operator, specified by the one or more packet-filtering rules, configured to drop packets associated with the particular type of data transfer;
- determining, based on an application header field value, whether the second portion of packets comprises data corresponding to criteria specified by one or more operators specified by the one or more packet-filtering rules; and
- responsive to determining that the second portion of packets comprises data corresponding to the criteria specified by one or more operators, applying, by the computing system and to each packet in the second portion of packets, at least one packet transformation function configured to allow or block each packet in the second portion of packets from continuing toward its respective destination.

Dependent claims: 2, 3, 4, 5, 6, 7
8. An apparatus comprising:
- at least one processor; and
- memory storing instructions that, when executed by the at least one processor, cause the apparatus to:
  - receive a plurality of packets, wherein the plurality of packets comprises a first portion of packets and a second portion of packets;
  - determine, based on a packet header field value, whether the plurality of packets comprises data corresponding to criteria specified by one or more packet-filtering rules;
  - responsive to a determination that a packet header field value of the first portion of packets comprises data corresponding to criteria specified by the one or more packet-filtering rules configured to prevent a particular type of data transfer, apply, to each packet in the first portion of packets, a first operator, specified by the one or more packet-filtering rules, configured to drop packets associated with the particular type of data transfer;
  - determine, based on an application header field value, whether the second portion of packets comprises data corresponding to criteria specified by one or more operators specified by the one or more packet-filtering rules; and
  - responsive to determining that the second portion of packets comprises data corresponding to the criteria specified by one or more operators, apply, to each packet in the second portion of packets, at least one packet transformation function configured to allow or block each packet in the second portion of packets from continuing toward its respective destination.

Dependent claims: 9, 10, 11, 12, 13, 14
15. One or more non-transitory computer-readable media comprising instructions that, when executed by one or more computing devices, cause the one or more computing devices to:
- receive a plurality of packets, wherein the plurality of packets comprises a first portion of packets and a second portion of packets;
- determine, based on a packet header field value, whether the plurality of packets comprises data corresponding to criteria specified by one or more packet-filtering rules;
- responsive to a determination that a packet header field value of the first portion of packets comprises data corresponding to criteria specified by the one or more packet-filtering rules configured to prevent a particular type of data transfer, apply, to each packet in the first portion of packets, a first operator, specified by the one or more packet-filtering rules, configured to drop packets associated with the particular type of data transfer;
- determine, based on an application header field value, whether the second portion of packets comprises data corresponding to criteria specified by one or more operators specified by the one or more packet-filtering rules; and
- responsive to determining that the second portion of packets comprises data corresponding to the criteria specified by one or more operators, apply, to each packet in the second portion of packets, at least one packet transformation function configured to allow or block each packet in the second portion of packets from continuing toward its respective destination.

Dependent claims: 16, 17, 18, 19, 20
Specification