Method and apparatus for filtering packet data in a network device

US 7,245,620 B2
Filed: 10/11/2002
Issued: 07/17/2007
Est. Priority Date: 03/15/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A process of filtering packet data in a network device, said process comprising:

applying at least one mask to a portion of an incoming packet;

extracting a field from the portion of the incoming packet;

searching a rules table for a matching value for the extracted field;

recording a search result as one of a hit and a miss depending on the matching value;

accessing a combination table of combination rules based on the at least one mask;

combining said one of the hit and the miss with another search result to obtain a combined search result; and

executing one of a hit action and a miss action from the combination table based on the combined search result.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A process of filtering packet data in a network device is disclosed. At least one mask is applied to a portion of an incoming packet and a field is extracted from the portion of the incoming packet. A rules table is searched for a matching value for the extracted field and one of a hit and a miss is recorded depending on the matching value. A combination table is accessed based on the at least one mask and the one of the hit and the miss is combined with another search result to obtain a combined search result. One of a hit action and a miss action is executed from the combination table based on the combined search result.

89 Citations

View as Search Results

20 Claims

1. A process of filtering packet data in a network device, said process comprising:
- applying at least one mask to a portion of an incoming packet;
  
  extracting a field from the portion of the incoming packet;
  
  searching a rules table for a matching value for the extracted field;
  
  recording a search result as one of a hit and a miss depending on the matching value;
  
  accessing a combination table of combination rules based on the at least one mask;
  
  combining said one of the hit and the miss with another search result to obtain a combined search result; and
  
  executing one of a hit action and a miss action from the combination table based on the combined search result.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A process as recited in claim 1, wherein said step of executing one of an action or a miss action comprises executing one of multiple hit actions and multiple miss actions based on the combined search result.
  - 3. A process as recited in claim 1, wherein said process is performed for each mask in a table of masks.
  - 4. A process as recited in claim 3, wherein each mask in the table of masks has a mask number and said step of accessing a combination table based on the at least one mask comprises accessing a combination table indexed by mask numbers with search results to be combined.
  - 5. A process as recited in claim 1, wherein said step of applying at least one mask to a portion of an incoming packet comprises applying at least one mask to a portion of a header of the incoming packet.
  - 6. A process as recited in claim 1, further comprising:
    - receiving said incoming packet on a port interface; and
      
      parsing said incoming packet to obtain said portion of said incoming packet.
  - 7. A process as recited in claim 6, further comprising, after said step of parsing said incoming packet:
    - sending an address resolution lookup request to an address resolution lookup engine; and
      
      sending a fast filtering processor request to a fast filtering processor.

8. A filter for packet data in a network device, said filter comprising:
- applying means for applying at least one mask to a portion of an incoming packet;
  
  extracting means for extracting a field from the portion of the incoming packet;
  
  searching means for searching a rules table for a matching value for the extracted field;
  
  recording means for recording a search result as one of a hit and a miss depending on the matching value;
  
  accessing means for accessing a combination table of combination rules based on the at least one mask;
  
  combining means for combining said one of the hit and the miss with another search result to obtain a combined search result; and
  
  executing means for executing one of a hit action and a miss action from the combination table based on the combined search result.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. A filter as recited in claim 8, wherein said executing means comprises executing means for executing one of multiple hit actions and multiple miss actions based on the combined search result.
  - 10. A filter as recited in claim 8, wherein said applying means is configured to apply each mask in a table of masks to said portion of the incoming packet.
  - 11. A filter as recited in claim 10, wherein each mask in the table of masks has a mask number and said accessing means comprises accessing means for accessing a combination table indexed by mask numbers with search results to be combined.
  - 12. A filter as recited in claim 8, wherein said applying means comprises applying means for applying at least one mask to a portion of a header of the incoming packet.
  - 13. A filter as recited in claim 8, further comprising:
    - receiving means for receiving said incoming packet on a port interface; and
      
      parsing means for parsing said incoming packet to obtain said portion of said incoming packet.
  - 14. A filter as recited in claim 13, further comprising:
    - first sending means for sending an address resolution lookup request to an address resolution lookup engine; and
      
      second sending means for sending a fast filtering processor request to a fast filtering processor.

15. A network device having a packet filter, said network device comprising:
- at least one port interface, having at least one port for receiving an incoming packet;
  
  a packet parser, in communication with said at least one port interface, where said parser obtains a portion of said incoming packet;
  
  a field extractor, in communication with said packet parser, where said extractor applies at least one mask to said portion of said incoming packet and extracts at least one field from the portion of the incoming packet;
  
  a rules table, in communication with the field extractor; and
  
  a combination table of combination rules, in communication with the field extractor;
  
  wherein said field extractor is configured to execute one of a hit action and a miss action obtained from the combination table based on a combined search result.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. A network device as recited in claim 15, wherein said field extractor is configured to execute one of multiple hit actions and multiple miss actions based on the combined search result.
  - 17. A network device as recited in claim 15, wherein said field extractor is configured to apply each mask in a table of masks to said portion of the incoming packet.
  - 18. A network device as recited in claim 17, wherein each mask in the table of masks has a mask number and said combination table is indexed by mask numbers with search results to be combined.
  - 19. A network device as recited in claim 15, wherein said packet parser is configured to obtain said portion from a header of the incoming packet.
  - 20. A network device as recited in claim 15, wherein said packet parser is configured to send an address resolution lookup request to an address resolution lookup engine and configured to send a fast filtering processor request to a fast filtering processor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies General IP PTE Limited (Broadcom, Inc.)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Shankar, Laxman
Primary Examiner(s)
Shah; Chirag G.

Application Number

US10/268,668
Publication Number

US 20030174711A1
Time in Patent Office

1,740 Days
Field of Search

None
US Class Current

370/392
CPC Class Codes

H04L 45/742   Route cache; Operation thereof

H04L 49/90   Buffering arrangements

H04L 49/9042   Separate storage for differ...

H04L 61/00   Network arrangements, proto...

H04L 61/10   of different types

H04L 69/22   Parsing or analysis of headers

Method and apparatus for filtering packet data in a network device

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

89 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for filtering packet data in a network device

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

89 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links