String search scheme in a distributed architecture
First Claim
1. An apparatus comprising:
- one or more classification engines to receive network traffic, the one or more classification engines to perform a first stage search on the network traffic and to generate a first stage search report in response to the first stage search, the first stage search report to indicate multiple potential strings of interest having a first portion matching a corresponding portion of one or more predetermined strings; and
a policy processor coupled to the one or more classification engines, the policy processor to perform a second stage search on the packet, the second stage search comparing subsequent portions of the potential strings of interest from the first stage search report to the one or more predetermined strings to determine whether a match exists.
2 Assignments
0 Petitions
Accused Products
Abstract
Methods and apparatuses for searching network data for one or more predetermined strings are disclosed. In one embodiment, the string search is a multi-stage search where the stages of the search are performed by different hardware components. In one embodiment in a first search stage, a first processor performs a comparison of blocks of incoming data to determine whether the blocks potentially represent the beginning of one of the predetermined strings. If a potential predetermined string is identified, a second processor performs a further search to determine whether the string matches one of the predetermined strings. Because the first processor searches only for the beginning of the predetermined strings, the first stage comparison can be performed quickly, which improves network performance as compared to more detailed searching. The second stage is performed by second processor, which allows the first processor to search for potential matching strings. Because many strings do not match the one or more predetermined strings, the more detailed search performed by the second processor is performed selectively, which increases network performance as compared to more detailed searches on all network data.
98 Citations
3 Claims
-
1. An apparatus comprising:
-
one or more classification engines to receive network traffic, the one or more classification engines to perform a first stage search on the network traffic and to generate a first stage search report in response to the first stage search, the first stage search report to indicate multiple potential strings of interest having a first portion matching a corresponding portion of one or more predetermined strings; and
a policy processor coupled to the one or more classification engines, the policy processor to perform a second stage search on the packet, the second stage search comparing subsequent portions of the potential strings of interest from the first stage search report to the one or more predetermined strings to determine whether a match exists. - View Dependent Claims (2, 3)
-
Specification
-
- Resources
-
Current AssigneeIntel Corporation
-
Original AssigneeIntel Corporation
-
InventorsBeylin, Boris
-
Primary Examiner(s)Vu, Kim
-
Assistant Examiner(s)Ly, Anh
-
Application NumberUS09/361,347Time in Patent Office1,233 DaysField of Search707/1-10, 707/102, 709/203, 709/228US Class Current1/1CPC Class CodesG06F 16/90344 by using string matching te...Y10S 707/959 NetworkY10S 707/99931 Database or file accessingY10S 707/99933 Query processing, i.e. sear...Y10S 707/99935 Query augmenting and refini...Y10S 707/99936 Pattern matching accessY10S 707/99943 Generating database or data...
