Programmable packet parsing processor

US 7,623,468 B2
Filed: 08/25/2004
Issued: 11/24/2009
Est. Priority Date: 04/26/2004
Status: Active Grant

First Claim

Patent Images

1. A packet parsing processor, comprising:

a state-graph unit to store parsing instructions for content inspection of network packets at memory locations representative of nodes of a state-graph to be traced, wherein each node is representative of a character of a network packet; and

a parsing engine, having an input/output coupled to an input/output of the state-graph unit to receive the parsing instructions and having an input coupled to receive the network packet, the parsing engine to execute a first parsing instruction located at a current node of the state-graph against a byte stream from the network packet to determine a next node of the state-graph, wherein the next node of the state-graph includes a second parsing instruction for a next character of the network packet,the packet processor further comprising a hash table to store portions of data of the nodes of the state-graph, wherein the first parsing instruction comprises a hash instruction.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a packet processing device and method. A parsing processor provides instruction-driven content inspection of network packets at 10-Gbps and above with a parsing engine that executes parsing instructions. A flow state unit maintains statefulness of packet flows to allow content inspection across several related network packets. A state-graph unit traces state-graph nodes to keyword indications and/or parsing instructions. The parsing instructions can be derived from a high-level application to emulate user-friendly parsing logic. The parsing processor sends parsed packets to a network processor unit for further processing.

Citations

49 Claims

1. A packet parsing processor, comprising:
- a state-graph unit to store parsing instructions for content inspection of network packets at memory locations representative of nodes of a state-graph to be traced, wherein each node is representative of a character of a network packet; and
  
  a parsing engine, having an input/output coupled to an input/output of the state-graph unit to receive the parsing instructions and having an input coupled to receive the network packet, the parsing engine to execute a first parsing instruction located at a current node of the state-graph against a byte stream from the network packet to determine a next node of the state-graph, wherein the next node of the state-graph includes a second parsing instruction for a next character of the network packet,the packet processor further comprising a hash table to store portions of data of the nodes of the state-graph, wherein the first parsing instruction comprises a hash instruction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The packet processor of claim 1, wherein the current node comprises a bit indicating that the current node contains the first parsing instruction.
  - 3. The packet processor of claim 1, wherein the parsing engine further comprises a register to store data, wherein the first parsing instruction comprises a register instruction to perform actions on the data.
  - 4. The packet processor of claim 3, wherein the register instruction copies a current byte from a byte stream across a plurality of related network packets from the network packet to the register.
  - 5. The packet processor of claim 3, wherein the register instruction skips a defined number of bytes within a byte stream spanning across a plurality of related network packets from the network packet to the register.
  - 6. The packet processor of claim 3, wherein the register instruction copies a bit operand to the register.
  - 7. The packet processor of claim 3, wherein the register instruction converts a string representation of a number to a register value.
  - 8. The packet processor of claim 1, wherein the parsing engine further comprises a register, wherein the first parsing instruction comprises a function call instruction to save a current node address in the register and jump to a subroutine.
  - 9. The packet processor of claim 8, further comprising a return instruction to jump back to the current node address stored in the register.
  - 10. The packet processor of claim 1, wherein the first parsing instruction comprises a messaging instruction to send bytes from a byte stream to external to the packet parsing processor for additional processing.
  - 11. The packet processor of claim 1, wherein the hash instruction calculates a hash key indicative of an entry in the hash table.
  - 12. The packet processor of claim 1, wherein the hash instruction modifies an entry in the hash table.
  - 13. The packet processor of claim 1, wherein the first parsing instruction comprises a bit vector instruction to perform a logical operation against a bit vector related to a parsing context maintained across a plurality of related network packets.
  - 14. The packet processor of claim 1, wherein the first parsing instruction comprises a location of the next node of the state-graph.
  - 15. The packet processor of claim 1, wherein the byte stream comprises payload data from the network packet.
  - 16. The packet processor of claim 1, wherein the byte stream comprises header data from the network packet.

17. In a packet parsing processor, a method comprising:
- storing parsing instructions for content inspection of network packets at memory locations representative of nodes of a state-graph to be traced, wherein each node is representative of a character of a network packet;
  
  receiving a first parsing instruction and the network packet; and
  
  executing a first parsing instruction located at a current node of the state-graph against a byte stream of the network packet to determine a next node of the state-graph, wherein the next node of the state-graph includes a second parsing instruction for a next character of the network packet,wherein the first parsing instruction comprises a hash instruction to perform an action related to the hash table.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 18. The method of claim 17, further comprising:
    - indicating that the current node contains the first parsing instruction.
  - 19. The method of claim 17, wherein the first parsing instruction comprises a register instruction to perform actions on data.
  - 20. The method of claim 19, wherein the register instruction copies a current byte from the byte stream spanning across a plurality of related network packets from a network packet to a register.
  - 21. The method of claim 19, wherein the register instruction skips a defined number of bytes within the byte stream spanning across a plurality of related network packets from the network packet to a register.
  - 22. The method of claim 19, wherein the register instruction copies a bit operand to a register.
  - 23. The method of claim 19, wherein the register instruction converts a string representation of a number to a register value.
  - 24. The method of claim 17, wherein the first parsing instruction comprises a function call instruction to save a current node address in a register and jump to a subroutine.
  - 25. The method of claim 24, further comprising a return instruction to jump back to the current node address stored in the register.
  - 26. The method of claim 17, wherein the first parsing instruction comprises a messaging instruction to send bytes from the byte stream to external to the packet parsing processor for additional processing.
  - 27. The method of claim 17, wherein the hash instruction calculates a hash key indicative of an entry in the hash table.
  - 28. The method of claim 17, wherein the hash instruction modifies an entry in a hash table.
  - 29. The method of claim 17, wherein the first parsing instruction comprises a bit vector instruction to perform a logical operation against a bit vector related to a parsing context maintained across a plurality of related network packets.
  - 30. The method of claim 17, wherein the first parsing instruction comprises a location of the next packet parsing state.

31. A packet parsing processor, comprisingmeans for storing parsing instructions for content inspection of network packets at memory locations representative of nodes of a state-graph to be traced, wherein each node is representative of a character of a network packet;
- means for receiving a first parsing instruction and the network packet; and
  
  means for executing, coupled to the means for storing and the means for receiving, the means for executing performing an action on a first parsing instruction located at a current node of the state-graph against a byte stream of the network packet to determine a next node of the state-graph, wherein the next node of the state-graph includes a second parsing instruction for a next character of the network packet,wherein the first parsing instruction comprises a hash instruction to perform an action related to a means for hashing.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39)
- - 32. The packet parsing processor of claim 31, further comprising:
    - means for indicating that the current node contains the first parsing instruction.
  - 33. The packet parsing processor of claim 31, wherein the first parsing instruction comprises a register instruction to perform actions on data.
  - 34. The packet parsing processor of claim 31, wherein the first parsing instruction comprises a function call instruction to save a current node address in a register and jump to the next parsing state.
  - 35. The packet parsing processor of claim 31, wherein the first parsing instruction comprises a messaging instruction to send bytes from the byte stream to external to the packet parser for processing.
  - 36. The packet parsing processor of claim 31, wherein the hash instruction calculates a hash key indicative of an entry in the means for hashing.
  - 37. The packet parsing processor of claim 31, wherein the hash instruction modifies an entry in the means for hashing.
  - 38. The packet parsing processor of claim 31, wherein the first parsing instruction comprises a bit vector instruction to perform a logical operation against a bit vector related to a parsing context maintained across a plurality of related network packets.
  - 39. The packet parsing processor of claim 31, wherein the first parsing instruction comprises a location of the next node of the state-graph.

40. A computer program product, comprising a computer-readable medium having computer program instructions and data embodied thereon for a method of parsing packets in a packet parsing processor, the method comprising:
- storing parsing instructions for content inspection of network packets at memory locations representative of nodes of a state-graph to be traced, wherein each node is representative of a character of a network packet;
  
  receiving a first parsing instruction and the network packet; and
  
  executing a first parsing instruction located at a current node of the state-graph against a byte stream of the network packet to determine a next node of the state-graph, wherein the next node of the state-graph includes a second parsing instruction for a next character of the network packet,wherein the first parsing instruction comprises a hash instruction to perform an action related to a hash table.
- View Dependent Claims (41, 42, 43, 44, 45, 46, 47, 48)
- - 41. The computer program product of claim 40, further comprising:
    - indicating that the current node contains the first parsing instruction.
  - 42. The computer program product of claim 40, wherein the first parsing instruction comprises a register instruction to perform actions on data.
  - 43. The computer program product of claim 40, wherein the first parsing instruction comprises a function call instruction to save a current node address in a register and jump to a subroutine.
  - 44. The computer program product of claim 40, wherein the first parsing instruction comprises a messaging instruction to send bytes from a byte stream to external to the packet parser for processing.
  - 45. The computer program product of claim 40, wherein the hash instruction calculates a hash key indicative of an entry in the hash table.
  - 46. The computer program product of claim 40, wherein the hash instruction modifies an entry in the hash table.
  - 47. The computer program product of claim 40, wherein the first parsing instruction comprises a bit vector instruction to perform a logical operation against a bit vector related to a parsing context maintained across a plurality of related network packets.
  - 48. The computer program product of claim 40, wherein the first parsing instruction comprises a location of the next node of the state-graph.

49. A network device having a processor and a memory, comprising:
- a state-graph unit to store parsing instructions for content inspection of network packets at memory locations representative of nodes of a state-graph to be traced, wherein each node is representative of a character of a network packet; and
  
  a parsing engine, having an input/output coupled to an input/output of the state-graph unit to receive the parsing instructions and having an input coupled to receive the network packet, the parsing engine to execute a first parsing instruction located at a current node of the state-graph against a byte stream from the network packet to determine a next node of the state-graph, wherein the next node of the state-graph includes a second parsing instruction for a next character of the network packet,the packet processor further comprising a hash table to store portions of data of the nodes of the state-graph, wherein the first parsing instruction comprises a hash instruction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Patra, Abhijit, Jain, Sanjay, Panigrahy, Rina, Bagepalli, Nagaraj A., Ng, Daniel Yu-Kwong, Liu, Jackie
Primary Examiner(s)
Moe; Aung S
Assistant Examiner(s)
Rose; Kerri M

Application Number

US10/927,290
Publication Number

US 20050238012A1
Time in Patent Office

1,917 Days
Field of Search

370/252, 370352-356, 370/400, 370/401, 370/238, 370/254, 370/389, 709/249, 711/154
US Class Current

370/252
CPC Class Codes

H04L 63/0254   Stateful filtering

H04L 63/1408   by monitoring network traff...

H04L 69/22   Parsing or analysis of headers

Programmable packet parsing processor

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

49 Claims

Specification

Solutions

Use Cases

Quick Links

Programmable packet parsing processor

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

49 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links