Method and apparatus for flexible frame processing and classification engine
First Claim
1. A method of handling data packets in a network device, said method comprising:
- receiving an incoming data packet;
parsing the incoming data packet to obtain a portion of the incoming data packet, the portion including a packet field;
comparing said portion with rules stored in a rule table of the network device, wherein each rule of said rules specifies a set of actions and includes at least one rule field, the at least one rule field including a rule field value, a mask, and a selection flag, the mask specifying a mask-specified subset of the rule field value, and wherein the comparing further includesapplying the mask to the packet field to obtain a packet field value, and to the rule field value to obtain a mask-specified rule field value, andobtaining a comparison result by comparing the packet field value against the mask-specified rule field value;
selecting a match between said portion and a particular rule of said rules, based on the comparison result and the selection flag, including selecting the match for the rule field when either the comparison result is positive and the selection flag is positive, or when the comparison result is negative and the selection flag is negative; and
executing a particular set of actions specified by said particular rule.
6 Assignments
0 Petitions
Accused Products
Abstract
A method of handling data packets in a network device and an apparatus for handling data packets in a network device are disclosed. The method includes receiving an incoming data packet and the incoming data packet is parsed to obtain a portion of the incoming data packet. That portion is compared with rules stored in a rule table, where each rule specifies a set of actions. A match between the portion and a particular rule of the rules is selected and a particular set of actions, specified by that particular rule is executed. Each rule includes a mask, a selection flag and a validity check that are used in the comparison of the portion with each rule. The rules may be compared with the packet portion serially or in a parallel fashion and if more than one rule matches the portion, the highest priority is selected as the matching rule.
-
Citations
74 Claims
-
1. A method of handling data packets in a network device, said method comprising:
-
receiving an incoming data packet; parsing the incoming data packet to obtain a portion of the incoming data packet, the portion including a packet field; comparing said portion with rules stored in a rule table of the network device, wherein each rule of said rules specifies a set of actions and includes at least one rule field, the at least one rule field including a rule field value, a mask, and a selection flag, the mask specifying a mask-specified subset of the rule field value, and wherein the comparing further includes applying the mask to the packet field to obtain a packet field value, and to the rule field value to obtain a mask-specified rule field value, and obtaining a comparison result by comparing the packet field value against the mask-specified rule field value; selecting a match between said portion and a particular rule of said rules, based on the comparison result and the selection flag, including selecting the match for the rule field when either the comparison result is positive and the selection flag is positive, or when the comparison result is negative and the selection flag is negative; and executing a particular set of actions specified by said particular rule. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
-
-
24. A network device for handling data packets comprising:
-
rules table; means for receiving an incoming data packet; means for parsing the incoming data packet to obtain a portion of the incoming data packet, the portion including a packet field; means for comparing said portion with rules stored in said rule table, of the network device, wherein each rule of said rules specifies a set of actions and includes at least one rule field, the at least one rule field including a rule field value, a mask, and a selection flag, the mask specifying a mask-specified subset of the rule field value, and wherein the means for comparing further includes means for applying the mask to the packet field to obtain a packet field value, and to the rule field value to obtain a mask-specified rule field value, and means for obtaining a comparison result by comparing the packet field value against the mask-specified rule field value; means for selecting a match between said portion and a particular rule of said rules, based on the comparison result and the selection flag, including selecting the match for the rule field when either the comparison result is positive and the selection flag is positive, or when the comparison result is negative and the selection flag is negative; and means for executing a particular set of actions specified by said particular rule. - View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46)
-
-
47. A computer program embodied on a computer readable storage medium encoding instructions for performing a process of handling data packets in a network device, wherein the computer program is configured to cause execution of the process when the instructions are executed, said process comprising:
-
receiving an incoming data packet; parsing the incoming data packet to obtain a portion of the incoming data packet, the portion including a packet field; comparing said portion with rules stored in a rule table of the network device, wherein each rule of said rules specifies a set of actions and includes at least one rule field, the at least one rule field including a rule field value, a mask, and a selection flag, the mask specifying a mask-specified subset of the rule field value, and wherein the comparing further includes applying the mask to the packet field to obtain a packet field value, and to the rule field value to obtain a mask-specified rule field value, and obtaining a comparison result by comparing the packet field value against the mask-specified rule field value; selecting a match between said portion and a particular rule of said rules, based on the comparison result and the selection flag, including selecting the match for the rule field when either the comparison result is positive and the selection flag is positive, or when the comparison result is negative and the selection flag is negative; and executing a particular set of actions specified by said particular rule. - View Dependent Claims (48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60)
-
-
61. A network device for handling data packets, comprising:
-
a rules table; a receiving unit configured to receive an incoming data packet; a parsing unit configured to parse the incoming data packet to obtain a portion of the incoming data packet, the portion including a packet field; a comparing unit configured to compare said portion with rules stored in said rule table, of the network device, wherein each rule of said rules specifies a set of actions and includes at least one rule field, the at least one rule field including a rule field value, a mask, and a selection flag, the mask specifying a mask-specified subset of the rule field value, and wherein the comparing unit is further configured to apply the mask to the packet field to obtain a packet field value, and to the rule field value to obtain a mask-specified rule field value, and obtain a comparison result by comparing the packet field value against the mask-specified rule field value; a selecting unit configured to select a match between said portion and a particular rule of said rules, based on the comparison result and the selection flag, including selecting the match for the rule field when either the comparison result is positive and the selection flag is positive, or when the comparison result is negative and the selection flag is negative; and an executing unit configured to execute a particular set of actions specified by said particular rule. - View Dependent Claims (62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74)
-
Specification