System and method for filtering data

US 7,133,400 B1
Filed: 01/29/1999
Issued: 11/07/2006
Est. Priority Date: 08/07/1998
Status: Expired due to Fees

First Claim

Patent Images

1. A system for filtering packets comprising:

a filtering database comprising layered rule tables, wherein each rule table applies to a respective protocol element of a packet and comprises a protocol element locator and a default rule; and

a packet filtering engine coupled to the filtering database for filtering said packets using at least one rule table in the filtering database.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for filtering data comprises a filtering database for storing layered rule tables and a data filtering engine coupled to the filtering database for filtering the input data using the layered rule tables. The data filtering engine filters or classifies input data using tests or rules performed on the data elements in the input data. The data elements are segments of data in the input data and are selected from the input data using a data element locator. Preferably, each rule table in the filtering database comprises a data element locator, a default rule, and zero or more filtering rules. The filtering rules comprise the tests or rules that are to be applied to the data elements. Each rule table corresponds to a single data element and each filtering rule in the rule table is to be applied to that data element.

140 Citations

29 Claims

1. A system for filtering packets comprising:
- a filtering database comprising layered rule tables, wherein each rule table applies to a respective protocol element of a packet and comprises a protocol element locator and a default rule; and
  
  a packet filtering engine coupled to the filtering database for filtering said packets using at least one rule table in the filtering database.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system for filtering packets in claim 1 wherein each rule table further comprises at least one filtering rule.
  - 3. The system for filtering packets in claim 2 wherein the at least one filtering rule comprises a statistics counter.
  - 4. The system for filtering packets in claim 1 wherein the protocol element locator comprises an offset and a mask for selecting a protocol element of a packet.
  - 5. The system for filtering packets in claim 1 wherein the protocol element locator further comprises a table timer and statistics counters.
  - 6. The system for filtering packets in claim 1 wherein the packet filtering engine further comprises:
    - a packet buffer for storing packets;
      
      a protocol element locator buffer for storing the protocol element locator; and
      
      a rule evaluator for receiving a packet from the packet buffer and applying at least one rule table to the packet.
  - 7. The system of claim 1 wherein the packet filtering engine is coupled to receive a packet prototype modifying the filtering database.
  - 8. The system for filtering packets in claim 1 wherein the system is coupled to receive a packet prototype for determining a part of the filtering database to be modified.

9. A system for filtering packets comprising:
- a packet buffer for storing packets;
  
  a protocol element locator for indicating a protocol element in a packet;
  
  a filtering database comprising layered tables of rules, each rule table applying to a respective protocol element of a packet and comprising the protocol element locator, a default rule and zero or more additional filtering rules to be applied to the protocol element in the packet; and
  
  a rule evaluator having a first input coupled to the packet buffer for using the protocol element locator to determine a protocol element from the packet and for applying at least one rule table to the protocol element.
- View Dependent Claims (10, 11)
- - 10. The system for filtering packets in claim 9 wherein each rule table comprises at least one filtering rule and at least one default rule to be applied to the protocol element indicated by the protocol element locator.
  - 11. The system for filtering packets in claim 9 further comprising a processor interface for receiving a packet prototype, said packet prototype to be used in modifying the filtering database.

12. A method for filtering packets in a system comprising a filtering database containing layered tables of rule tables, the method comprising the steps of:
- selecting a protocol element from a packet;
  
  accessing a unique rule table in said layered tables of rule tables corresponding to the selected protocol element;
  
  said rule table comprising a default rule, zero or more additional filtering rules, and a protocol element locator; and
  
  applying the default rule and zero or more additional filtering rules and the protocol element locator of the unique rule table to the selected protocol element.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12 wherein the step of selecting a protocol element further comprises the substeps of:
    - obtaining a protocol element locator from the rule table in the filtering database; and
      
      applying the protocol element locator to the packet to select the protocol element from the packet.
  - 14. The method of claim 12 wherein the step of applying the default rule and zero or more additional filtering rules comprises the substep of:
    - determining whether the selected protocol element is less than or equal to an upper bound.
  - 15. The method of claim 12 wherein the step of applying the default rule and zero or more additional filtering rules comprises the substep of:
    - determining whether the selected protocol element is greater than or equal to a lower bound.
  - 16. The method of claim 12 further comprising the step of receiving a packet prototype for modifying the filtering database.

17. A system for modifying a filtering database comprising:
- a packet prototype for determining a location to be modified in the filtering database, the packet prototype comprising at least one protocol element descriptor having a default rule flag pointing to a default rule, an upper bound and a lower bound, wherein said lower bound and said upper bound are used to point to a location in the filtering database, anda filtering engine for receiving the packet prototype from an external software source and for modifying the location determined by the packet prototype.

18. An apparatus for filtering packets comprising:
- a plurality of protocol element locators, each protocol element locator having an offset and a mask for selecting one of a plurality of protocol elements from a packet;
  
  a plurality of rule tables, each rule table corresponding to a respective protocol element; and
  
  a rules database implemented in a storage medium having a default rule and a filtering action for each rule table.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The apparatus of claim 18 wherein each rule table further comprises at least one filtering rule.
  - 20. The apparatus of claim 19 wherein the filtering rule comprises a pointer to another rule table.
  - 21. The apparatus of claim 19 wherein the filtering rule comprises a statistics counter.
  - 22. The apparatus of claim 18 wherein the protocol element locator specifies an offset and a mask for selecting a protocol element from a packet.

23. A system for filtering packets comprising:
- a static storage device;
  
  a filtering database comprising a protocol element locator for selecting one of a plurality of protocol elements from a packet, a plurality of rule tables, wherein each rule table has a corresponding protocol element and a default rule; and
  
  a packet filtering engine coupled to the filtering database, the filtering engine to filter packets using the rule table.
- View Dependent Claims (24, 25, 26, 27, 28, 29)
- - 24. The system of claim 23 wherein the filtering database further comprises at least one filtering rule for each rule table.
  - 25. The system of claim 23 wherein the filtering rule comprises a pointer to another rule table.
  - 26. The system of claim 24 wherein the filtering rule comprises a statistics counter.
  - 27. The system of claim 23 wherein the protocol element locator comprises an offset and a mask for selecting the protocol element of the packet.
  - 28. The system of claim 23 wherein the protocol element locator further comprises a table timer and statistics counters.
  - 29. The system of claim 23 wherein the filtering engine further comprises:
    - a packet buffer for storing packets;
      
      a protocol element locator buffer for storing the protocol element locator; and
      
      a rule evaluator for receiving the packet from the packet buffer and applying at least rule table to the packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Croft, Walter E., Henderson, Alex E.
Primary Examiner(s)
Patel, Ajit

Application Number

US09/240,919
Time in Patent Office

2,839 Days
Field of Search

370/389, 370/392, 370/351, 370/400, 370/401, 370/471, 370/466, 707/1, 707/2, 707 3- 8, 709/238, 709/242, 709/245, 709/246, 709/230, 709/224
US Class Current

370/389
CPC Class Codes

H04L 49/90   Buffering arrangements

H04L 49/901   using storage descriptor, e...

H04L 49/9021   Plurality of buffers per pa...

H04L 63/0236   Filtering by address, proto...

H04L 63/0263   Rule management

H04L 67/564   Enhancement of application ...

H04L 69/16   Implementation or adaptatio...

H04L 69/161   Implementation details of T...

H04L 69/22   Parsing or analysis of headers

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

System and method for filtering data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

140 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for filtering data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

140 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links