Packet data analysis with efficient and flexible parsing capabilities
Abstract
Methods and apparatus which facilitate the handling of data between platforms interconnected by any of a variety of network environments are disclosed. In general terms, the present invention represents an improvement over conventional packet parsing and searching mechanisms. The parse mechanism sequentially analyzes each character of the packet data and passes relevant characters to the search mechanism as soon as each character is reached. Preferably, the characters of each data field are parsed character-by-character. In one implementation, prior to searching a relevant data field, the parser initializes the appropriate search mechanism based on at least the data field type (e.g., the cookie field or URL field of an HTTP request). Each character of the relevant data is then passed sequentially to the search mechanism, where a search state is obtained for each passed character. Accordingly, the parser passes each character of the relevant data fields to the search mechanism. Since the parser passes the well-defined fields of standard protocols, such as HTTP and FTP, parsing may be efficiently performed without referencing memory (e.g., parsing is implemented in micro-code). When the parser reaches the end of the relevant data field, the parser may then cause the search mechanism to output search results associated with the search state of the last searched character. Alternatively, the parser may initiate another search for another data field, which is subsequently parsed and searched character-by-character as recited above for the first field.
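The character-by-character hand-off the abstract describes, as an added Python example (not code from the patent): a parser state machine initializes a search per field type, passes each byte of the URL and Cookie fields to it, and emits results at the end of the field. The state names, the `RULES` patterns, the sample request and the use of a partial-match set as the search state are assumptions of this example.

```python
class FieldSearch:  # search state = set of partial matches (pattern, offset)
    def __init__(self, patterns):
        self.patterns, self.partial, self.hits = patterns, set(), set()
    def feed(self, byte):
        nxt = set()
        for p, k in self.partial | {(p, 0) for p in self.patterns}:
            if p[k] == byte:
                if k + 1 == len(p):
                    self.hits.add(p)
                else:
                    nxt.add((p, k + 1))
        self.partial = nxt

# Constructed for this example: per-field patterns, and a request split mid-field.
RULES = {"url": [b"/admin", b".php"], "cookie": [b"session="]}
SEGMENTS = [b"GET /adm", b"in/x.php HTTP/1.1\r\nCoo", b"kie: a=1; sess", b"ion=abc\r\n\r\n"]

class StreamParser:  # parse state and active search both persist across feed() calls
    def __init__(self):
        self.state, self.name, self.search, self.results = "method", b"", None, []
    def _start(self, field):  # parser initializes the search for this field type
        self.field, self.search = field, FieldSearch(RULES[field])
    def _end(self):  # end of field: output results for the last search state
        if self.search:
            self.results.append((self.field, sorted(self.search.hits)))
        self.search = None
    def feed(self, segment):
        for b in segment:
            c = bytes([b])
            if self.state == "method" and c == b" ":
                self.state = "url"
                self._start("url")
            elif self.state == "url" and c == b" ":
                self.state = "line_rest"
                self._end()
            elif self.state == "hdr_name" and c == b":":
                self.state = "line_rest"
                if self.name.lower() == b"cookie":
                    self._start("cookie")
            elif self.state == "hdr_name" and c == b"\n":
                self.state = "body"  # blank line: headers are over
            elif self.state == "hdr_name":
                self.name += c
            elif self.state == "line_rest" and c == b"\n":
                self.state, self.name = "hdr_name", b""
                self._end()
            elif self.search:  # inside a searched field: pass the byte on
                self.search.feed(b)
        return self.results
```

Because the partial-match set lives in the parser object, a pattern split across two segments (`/adm` + `in`, `sess` + `ion=`) is still matched without buffering or reassembling the field.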
44 Claims
1. A method for handling packet data having a plurality of data segments sent from a first node to a second node within a computer network, the method comprising:
obtaining a first parse state based on a first data segment of the packet data;
obtaining a first search state that is based at least on the first data segment and that is associated with obtaining the first parse state;
obtaining a second parse state based on a second data segment of the packet data and the first parse state;
obtaining a second search state that is based at least on the second data segment and the first search state and that is associated with obtaining the second parse state;
obtaining a third parse state based on a third data segment of the packet data and the second parse state; and
outputting search results based on the second search state and that is associated with obtaining the third parse state.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27
28. A computer system operable to handle packet data having a plurality of data segments sent from a first node to a second node within a computer network, the computer system comprising:
one or more processors;
one or more memory, wherein at least one of the processors and memory are adapted to;
obtain a first parse state based on a first data segment of the packet data;
obtain a first search state that is based at least on the first data segment and that is associated with the first parse state;
obtain a second parse state based on a second data segment of the packet data and the first parse state;
obtain a second search state that is based at least on the second data segment and the first search state and that is associated with the second parse state;
obtain a third parse state based on a third data segment of the packet data and the second parse state; and
output search results based on the second search state and that is associated with the third parse state.
Dependent claims: 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41
42. A computer program product for handling packet data having a plurality of data segments sent from a first node to a second node within a computer network, the computer program product comprising:
at least one computer readable medium;
computer program instructions stored within the at least one computer readable product configured to cause a processing device to;
obtain a first parse state based on a first data segment of the packet data;
obtain a first search state that is based at least on the first data segment and that is associated with the first parse state;
obtain a second parse state based on a second data segment of the packet data and the first parse state;
obtain a second search state that is based at least on the second data segment and the first search state and that is associated with the second parse state;
obtain a third parse state based on a third data segment of the packet data and the second parse state; and
output search results based on the second search state and that is associated with the third parse state.
43. An apparatus for handling packet data having a plurality of data segments sent from a first node to a second node within a computer network, the apparatus comprising:
means for parsing the packet data;
means for initializing a search based on the parsing of the packet data; and
means for outputting search results based on a searching procedure performed on the packet data and the parsing of the packet data.
Dependent claims: 44
Specification