System and method for processing packets according to concurrently reconfigurable rules
First Claim
1. An apparatus for processing a plurality of packets, each of the plurality of packets being communicated via a network from a source to a destination intended by the source, each of the plurality of packets comprising a plurality of portions, the apparatus comprising:
a rules memory operative to store a first plurality of rules, wherein the first plurality of rules comprises a first root rule stored in a first memory location in the rules memory and further wherein each of the remaining of the first plurality of rules is hierarchically linked with the first root rule and defines at least one operation to be performed, the first root rule operative to define which of the plurality of packets are to be captured for subsequent processing and which of the remaining of the first plurality of rules is to be subsequently executed, the rules memory being further capable of storing a second plurality of rules, wherein the second plurality of rules comprises a second root rule stored in a second memory location in the rules memory and further wherein each of the remaining of the second plurality of rules is hierarchically linked with the second root rule and defines at least one operation to be performed, the second root rule operative to define which of the plurality of packets are to be captured for subsequent processing and which of the remaining of the second plurality of rules is to be subsequently executed;
a first processor coupled with the rules memory, a pointer memory location and the network, the pointer memory location operative to store a pointer address specifying the first memory location and being further capable of being changed to specify the second memory location, wherein the first processor is operative to retrieve one of the first or second root rules by accessing the pointer memory location to obtain the pointer address and retrieving the first or second root rule based thereon and further operative to execute the first or second root rule to examine at least a first portion of the plurality of portions of at least one of the plurality of packets and capture the examined packet from the network as defined by the first or second root rule;
a packet memory coupled with the first processor and operative to store the captured packet; and
a second processor coupled with the first processor, the packet memory and the rules memory, the second processor operative to select a second rule of the first or second plurality of rules from the rules memory, the selection being based on at least the first or second root rule, and execute the at least one operation of the second rule.
Abstract
An apparatus and method for enhancing the infrastructure of a network such as the Internet is disclosed. A packet interceptor/processor apparatus is coupled with the network so as to be able to intercept and process packets flowing over the network. Further, the apparatus provides external connectivity to other devices that wish to intercept packets as well. The apparatus applies one or more rules to the intercepted packets which execute one or more functions on a dynamically specified portion of the packet and take one or more actions with the packets. The apparatus is capable of analyzing any portion of the packet including the header and payload. Actions include releasing the packet unmodified, deleting the packet, modifying the packet, logging/storing information about the packet or forwarding the packet to an external device for subsequent processing. Further, the rules may be dynamically modified by the external devices.
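Added illustration (not part of the patent text, and not code from any product implementing it): a Python model of the arrangement described in the abstract and in claim 1 above. Two complete rule sets sit in a rules memory, each under its own root rule; a single pointer cell names the live root; the capture stage reads that pointer once per packet and examines only the portions the root rule names; a second stage walks the rules hierarchically linked to that root and executes the matched rule's action (release, delete, modify, log, forward). Reconfiguration is one write to the pointer, so every packet is judged by exactly one complete rule set and there is no window in which a half-edited live set lets traffic through, which is the failure mode an in-place edit of live rules would have. The IPv4/UDP layout with fixed offsets, the first-match ordering among a root's child rules, the rule and device names, and the sample datagrams are all assumptions constructed for this example.

```python
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed test traffic: bare IPv4 (IHL=5) + UDP with zero checksums, not a real capture.
def make_udp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    ip_src = bytes(int(o) for o in src.split("."))
    ip_dst = bytes(int(o) for o in dst.split("."))
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0, ip_src, ip_dst)
    return ip + udp

# (offset, length) portions for that fixed layout; a real unit would derive them from IHL.
PROTO, SRC, DST, DPORT, PAYLOAD = (9, 1), (12, 4), (16, 4), (22, 2), (28, 8)
Portion = Tuple[int, int]

@dataclass
class Rule:
    name: str
    conditions: List[Tuple[Portion, bytes]]   # every listed portion must equal its bytes; [] = any
    action: str = "RELEASE"                   # RELEASE | DELETE | MODIFY | LOG | FORWARD
    portion: Portion = (0, 0)                 # portion that MODIFY overwrites or LOG records
    arg: Optional[bytes] = None               # MODIFY replacement bytes, FORWARD device name
    children: List["Rule"] = field(default_factory=list)  # rules hierarchically linked to a root

    def matches(self, pkt: bytes) -> bool:
        return all(pkt[o:o + n] == want for (o, n), want in self.conditions)

class RulesMemory:
    """Addressable store: each root rule has its own address, its subtree hangs off it."""
    def __init__(self) -> None:
        self.cells: Dict[int, Rule] = {}
    def store(self, root: Rule) -> int:
        addr = len(self.cells)
        self.cells[addr] = root
        return addr

class PointerCell:
    """The one word the capture processor reads per packet; reconfiguration is one write here."""
    def __init__(self, addr: int) -> None:
        self.addr = addr
    def swap(self, addr: int) -> None:
        self.addr = addr

def execute(rule: Rule, pkt: bytes) -> Tuple[str, Optional[bytes], Optional[bytes]]:
    """Second-processor action: returns (verdict, packet out or None, detail)."""
    o, n = rule.portion
    if rule.action == "DELETE":
        return "DELETE", None, None
    if rule.action == "MODIFY":
        return "MODIFY", pkt[:o] + (rule.arg or b"") + pkt[o + n:], None
    if rule.action == "LOG":
        return "LOG", pkt, pkt[o:o + n]
    if rule.action == "FORWARD":
        return "FORWARD", pkt, rule.arg
    return "RELEASE", pkt, None

def process(pkt: bytes, mem: RulesMemory, ptr: PointerCell) -> Tuple[str, Optional[bytes], Optional[bytes], str]:
    root = mem.cells[ptr.addr]                   # first processor: one pointer read, fetch that root
    if not root.matches(pkt):
        return "PASS", pkt, None, root.name      # not captured: released to the network untouched
    packet_memory = bytes(pkt)                   # captured copy handed to the second processor
    for rule in root.children:                   # second processor: rules linked to THIS root only
        if rule.matches(packet_memory):
            verdict, out, detail = execute(rule, packet_memory)
            return verdict, out, detail, f"{root.name}/{rule.name}"
    return "RELEASE", packet_memory, None, root.name

def build() -> Tuple[RulesMemory, int, int]:
    """Two complete rule sets in memory at once; only the pointer decides which is live."""
    udp, dns = (PROTO, b"\x11"), (DPORT, struct.pack("!H", 53))
    bad_src = (SRC, bytes([10, 0, 0, 66]))
    set_a = Rule("A", [udp, dns], children=[                 # capture DNS-port UDP only
        Rule("drop-bad-src", [bad_src], "DELETE"),
        Rule("log-query", [], "LOG", portion=PAYLOAD)])
    set_b = Rule("B", [udp], children=[                      # capture all UDP
        Rule("drop-bad-src", [bad_src], "DELETE"),
        Rule("mirror-dns", [dns], "FORWARD", arg=b"ids0"),
        Rule("pass", [], "RELEASE")])
    mem = RulesMemory()
    return mem, mem.store(set_a), mem.store(set_b)

def demo() -> List[Tuple[str, Optional[bytes], Optional[bytes], str]]:
    mem, addr_a, addr_b = build()
    ptr = PointerCell(addr_a)
    stream = [make_udp("10.0.0.5", "10.0.0.53", 40000, 53, b"dns-q-1"),
              make_udp("10.0.0.66", "10.0.0.53", 40001, 53, b"dns-q-2"),
              make_udp("10.0.0.5", "10.0.0.9", 40002, 123, b"ntp"),
              make_udp("10.0.0.5", "10.0.0.9", 40003, 123, b"ntp"),
              make_udp("10.0.0.5", "10.0.0.53", 40004, 53, b"dns-q-3"),
              make_udp("10.0.0.66", "10.0.0.9", 40005, 123, b"ntp")]
    results = []
    for i, pkt in enumerate(stream):
        if i == 3:
            ptr.swap(addr_b)   # set B was already whole in memory; this single write activates it
        results.append(process(pkt, mem, ptr))
    return results

if __name__ == "__main__":
    for verdict, _, detail, path in demo():
        print(f"{verdict:8} via {path}" + (f"  detail={detail!r}" if detail else ""))
```

Running the file prints one verdict per datagram: the first three are decided entirely under set A (log, delete, not captured) and the last three entirely under set B (release, forward to the external device, delete). Set B is built and stored while set A is still live, and nothing about set A is touched until the pointer swap; the same mechanism lets an external device stage a third set and activate it later with one write.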
97 Claims
1. Independent apparatus claim; text as set out under First Claim above. Dependent claims: 2 to 48.
49. A method for processing a plurality of packets, each of the plurality of packets being communicated via a network from a source to a destination intended by the source, each of the plurality of packets comprising a plurality of portions, the method comprising:
storing a first plurality of rules in a rules memory, wherein the first plurality of rules comprises a first root rule stored in a first memory location in the rules memory and further wherein each of the remaining of the first plurality of rules is hierarchically linked with the first root rule and defines at least one operation to be performed, the first root rule operative to define which of the plurality of packets are to be captured for subsequent processing and which of the remaining of the first plurality of rules is to be subsequently executed, the rules memory being further capable of storing a second plurality of rules, wherein the second plurality of rules comprises a second root rule stored in a second memory location in the rules memory and further wherein each of the remaining of the second plurality of rules is hierarchically linked with the second root rule and defines at least one operation to be performed, the second root rule operative to define which of the plurality of packets are to be captured for subsequent processing and which of the remaining of the second plurality of rules is to be subsequently executed;
storing a pointer address in a pointer memory location coupled with a first processor, the first processor being further coupled with the rules memory and the network, the pointer address specifying the first memory location and being further capable of being changed to specify the second memory location;
retrieving, by the first processor, one of the first or second root rules by accessing the pointer memory location to obtain the pointer address and retrieving the first or second root rule based thereon and executing the first or second root rule to examine at least a first portion of the plurality of portions of at least one of the plurality of packets and capture the examined packet from the network as defined by the first or second root rule;
storing the captured packet in a packet memory coupled with the first processor; and
selecting, by a second processor coupled with the first processor, the packet memory and the rules memory, a second rule of the first or second plurality of rules from the rules memory, the selection being based on at least the first or second root rule, and executing the at least one operation of the second rule.
Dependent claims: 50 to 96.
97. An apparatus for processing a plurality of packets, each of the plurality of packets being communicated via a network from a source to a destination intended by the source, each of the plurality of packets comprising a plurality of portions, the apparatus comprising:
means for storing a first plurality of rules in a rules memory means, wherein the first plurality of rules comprises a first root rule stored in a first memory location in the rules memory means and further wherein each of the remaining of the first plurality of rules is hierarchically linked with the first root rule and defines at least one operation to be performed, the first root rule operative to define which of the plurality of packets are to be captured for subsequent processing and which of the remaining of the first plurality of rules is to be subsequently executed, the rules memory means being further capable of storing a second plurality of rules, wherein the second plurality of rules comprises a second root rule stored in a second memory location in the rules memory means and further wherein each of the remaining of the second plurality of rules is hierarchically linked with the second root rule and defines at least one operation to be performed, the second root rule operative to define which of the plurality of packets are to be captured for subsequent processing and which of the remaining of the second plurality of rules is to be subsequently executed;
means for storing a pointer address in a pointer memory location coupled with a first processor means, the first processor means being further coupled with the rules memory means and the network, the pointer address specifying the first memory location and being further capable of being changed to specify the second memory location;
means for retrieving, by the first processor means, one of the first or second root rules by accessing the pointer memory location to obtain the pointer address and retrieving the first or second root rule based thereon and executing the first or second root rule to examine at least a first portion of the plurality of portions of at least one of the plurality of packets and capture the examined packet from the network as defined by the first or second root rule;
means for storing the captured packet in a packet memory means coupled with the first processor means; and
means for selecting, by a second processor means coupled with the first processor means, the packet memory means and the rules memory means, a second rule of the first or second plurality of rules from the rules memory means, the selection being based on at least the first or second root rule, and executing the at least one operation of the second rule.
Specification