Filtering ingress packets in network interface circuitry

US 7,760,733 B1
Filed: 10/13/2005
Issued: 07/20/2010
Est. Priority Date: 10/13/2005
Status: Active Grant

First Claim

Patent Images

1. A method of operating network interface circuitry, wherein the network interface circuitry couples a host computer to a network to facilitate communication over the network between the host computer and a peer, the method comprising:

by the network interface circuitry,receiving data from the peer via the network; and

processing at least a portion of the received data, including;

processing the at least a portion of the received data to determine an indication of a highest priority one of a plurality of actions to be performed by the network interface controller with respect to the received data, whereinthe plurality of actions include filtering received data and protocol processing of received data for connections between the host and a peer for which the protocol processing has been offloaded to the network interface circuitry by the host, andthe processing of the at least a portion of the received data includes presenting the at least a portion of the received data to lookup circuitry that is configured to automatically provide the indication of the highest priority action, associated with the received data, based not only on whether the portion of the received data presented to the lookup circuitry matches data associated with an indication of an action but also based on an order of the indications of the plurality of actions relative to each other in the lookup circuitry, the indications of protocol processing for connections that have been offloaded being located to indicate, when applicable to particular received data, a higher priority than the filtering actions;

andperforming the indicated highest priority one of the plurality of actions.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Transfer of data is facilitated between at least one peer application and a host, via a network and network interface circuitry associated with the host. That is, data destined for the host is provided from the peer to the network interface circuitry via the network. The NIC has the capability to offload the processing of data provided according to particular protocols. In addition, based on characteristics of the data, a filtering rule associated with those characteristics may be applied to the data prior to providing the data to the host. When there are a plurality of filter rules associated with characteristics of the data, in some examples, it is automatically determined which one of the plurality of filter rules associated with characteristics of the data to apply to the data.

160 Citations

25 Claims

1. A method of operating network interface circuitry, wherein the network interface circuitry couples a host computer to a network to facilitate communication over the network between the host computer and a peer, the method comprising:
- by the network interface circuitry,receiving data from the peer via the network; and
  
  processing at least a portion of the received data, including;
  
  processing the at least a portion of the received data to determine an indication of a highest priority one of a plurality of actions to be performed by the network interface controller with respect to the received data, whereinthe plurality of actions include filtering received data and protocol processing of received data for connections between the host and a peer for which the protocol processing has been offloaded to the network interface circuitry by the host, andthe processing of the at least a portion of the received data includes presenting the at least a portion of the received data to lookup circuitry that is configured to automatically provide the indication of the highest priority action, associated with the received data, based not only on whether the portion of the received data presented to the lookup circuitry matches data associated with an indication of an action but also based on an order of the indications of the plurality of actions relative to each other in the lookup circuitry, the indications of protocol processing for connections that have been offloaded being located to indicate, when applicable to particular received data, a higher priority than the filtering actions;
  
  andperforming the indicated highest priority one of the plurality of actions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein:
    - automatically determining an indication of a highest priority one of a plurality of actions includes at least presenting an indication of characteristics of the at least a portion of the received data to a content-addressable memory, wherein the content addressable memory automatically provides an indication of the highest priority one of the plurality of actions.
  - 3. The method of claim 1, wherein:
    - the received data includes at least one packet having a header portion and a payload portion; and
      
      the header portion of each packet indicates characteristics of that packet.
  - 4. The method of claim 1, wherein:
    - performing the indicated highest priority one of a plurality of actions includes, as appropriate, either performing the protocol processing for a connection indicated by a control block indicated by the highest priority action or applying a particular filtering rule to the received data including at least one of not providing the received data to the host and modifying the received data prior to providing the received data to the host.
  - 5. The method of claim 1, wherein:
    - determining an indication of a highest priority one of a plurality of actions includes automatically determining a location, in the lookup circuitry, associated with the particular action; and
      
      the action that is taken on the received data is the action with which the automatically determined location is associated.
  - 6. The method of claim 1, wherein:
    - each of at least some of the plurality of actions is a filter rule;
      
      each filtering rule has associated with it data characteristics for that filtering rule; and
      
      automatically determining an indication of a highest priority one of a plurality of actions is based, at least in part, on processing characteristics of the received data relative to the associated data characteristics for the plurality of filtering rules.
  - 7. The method of claim 6, wherein:
    - the characteristics of the received data are indicated by a characteristics indication portion of the received data; and
      
      processing characteristics of the received data relative to the associated data characteristics for the plurality of filtering rules includes processing the characteristics indication portion of the received data relative to the associated data characteristics for the plurality of filtering rules.
  - 8. The method of claim 7, wherein:
    - for each of at least some of the plurality of filtering rules, processing the characteristics indication portion of the received data relative to the associated data characteristics for that filtering rule includes applying a mask associated with that filtering rule to the characteristics indication portion of the received data and processing the masked characteristics indication portion relative to the associated data characteristics for that filtering rule.
  - 13. The method of claim 1, wherein:
    - the lookup circuitry includes a content-addressable memory that includes the data associated with indications of the plurality of actions, wherein the at least a portion of the received data is presented to the content-addressable memory, and a corresponding result from the content-addressable memory is the indication of the highest priority one of a plurality of actions at least as a result of an order of the indications of the plurality of actions relative to each other in the content-addressable memory.
  - 14. The method of claim 13, wherein:
    - the content-addressable memory is configured to provide an index of a first location in the content addressable memory whose content matches the portion of the received data presented to the content-addressable memory.
  - 15. The method of claim 14, wherein:
    - the content-addressable memory is configured, for at least some of the locations, to treat a part of the at least portion provided to the lookup circuitry as “
      
      don'"'"'t care”
      
      such that any value for this part will match.
  - 16. The method of claim 1, wherein the filtering rules including filtering rules to, when applied, selectively cause some of the received data to not be passed to the host.
  - 17. The method of claim 1, wherein:
    - the lookup circuitry is configured to, in determining whether a particular action is applicable to the received data, treat a part of the at least portion provided to the lookup circuitry as “
      
      don'"'"'t care”
      
      such that any value for this part will match.

9. A method of operating network interface circuitry, wherein the network interface circuitry is configured to handle protocol processing of connections offloaded from a host, with respect to data communication over a network between a peer and the host, the method comprising:
- by the network interface circuitry, determining an indication of a highest priority one of a plurality of actions to be performed by the network interface controller with respect to the received data, the determining includinga) receiving data nominally from the peer via the network;
  
  b) processing the received data such that,b1) if the data is data of a connection that is offloaded from the host, determining an indication of an action to communicate with the peer according to the protocol and to pass data resulting therefrom to the host; and
  
  b2) if the data is not data of a connection that is offloaded from the host and if there is at least one action that is a filtering rule associated with characteristics of the data, automatically determining an action that is a particular one of the filtering rules associated with characteristics of the received data to apply to the received data,wherein the processing of the received data is based not only on whether the portion of the received data presented to the lookup circuitry matches data associated with an indication of an action but is also based on an order of the indications of the plurality of actions relative to each other in the lookup circuitry; and
  
  applying the determined highest priority filtering rule to the data.
- View Dependent Claims (10, 11)
- - 10. The method of claim 9, wherein:
    - the step of automatically determining the particular one of the indications of the plurality of actions includes presenting at least a portion of the received data to a content-addressable memory that includes the data associated with indications of the plurality of actions, wherein the organization and operation of the content-addressable memory is such to automatically determine the highest priority one of the indications of the plurality of actions at least as a result of an order of the indications of the plurality of actions relative to each other in the content-addressable memory.
  - 11. The method of claim 10, wherein:
    - the content-addressable memory provides an indication of a location, in a collection of actions, of the particular action.

12. Network interface circuitry configured to couple a host computer to a network to facilitate communication over the network between the host and a peer, the network interface circuitry comprising:
- circuitry configured to receive data from the network;
  
  circuitry configured to process the received data to determine an indication of a highest priority one of a plurality of actions to be performed by the network interface controller with respect to the received data, wherein the processing includes presenting the at least a portion of the received data to lookup circuitry that is configured to automatically provide the indication of the highest priority action, associated with the received data, based not only on whether the portion of the received data presented to the lookup circuitry matches data associated with an indication of an action but also based on an order of the indications of the plurality of actions relative to each other in the lookup circuitry, wherein the actions include protocol processing with respect to a connection to which the received data belongs or filtering for received data which does not belong to a connection whose protocol processing is being handled by the network interface circuitry; and
  
  circuitry configured to provide, to the host computer, the received data having the particular indicated highest priority action applied,wherein the circuitry configured to provide, to the host computer, the received data having the indicated action applied, is configured to selectively block the received data from being provided to the host computer based at least in part on the indicated particular action being a filtering rule applicable to the received data.

18. A method of operating network interface circuitry, wherein the network interface circuitry couples a host computer to a network to facilitate communication over the network between the host computer and a peer, the method comprising:
- by the network interface circuitry,receiving data from the peer via the network; and
  
  processing at least a portion of the received data, including;
  
  processing the at least a portion of the received data to determine an indication of a highest priority one of a plurality of actions to be performed by the network interface controller with respect to the received data, whereinthe plurality of actions include filtering received data and protocol processing of received data for connections between the host and a peer for which the protocol processing has been offloaded to the network interface circuitry by the host, andthe processing of the at least a portion of the received data includes presenting the at least a portion of the received data to lookup circuitry that is configured to automatically provide the indication of the highest priority action, associated with the received data, the indications of protocol processing for connections that have been offloaded indicating, when applicable to particular received data, a higher priority than the filtering actions; and
  
  performing the indicated highest priority one of the plurality of actions.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25)
- - 19. The method of claim 18, wherein:
    - automatically determining an indication of a highest priority one of a plurality of actions includes at least presenting an indication of characteristics of the at least a portion of the received data to at least one content-addressable memory, wherein the at least one content addressable memory automatically provides an indication of the highest priority one of the plurality of actions.
  - 20. The method of claim 18, wherein:
    - the received data includes at least one packet having a header portion and a payload portion; and
      
      the header portion of each packet indicates characteristics of that packet.
  - 21. The method of claim 18, wherein:
    - performing the indicated highest priority one of a plurality of actions includes, as appropriate, either performing the protocol processing for a connection indicated by a control block indicated by the highest priority action or applying a particular filtering rule to the received data including at least one of not providing the received data to the host and modifying the received data prior to providing the received data to the host.
  - 22. The method of claim 18, wherein:
    - determining an indication of a highest priority one of a plurality of actions includes automatically determining a location, in the lookup circuitry, associated with the particular action; and
      
      the action that is taken on the received data is the action with which the automatically determined location is associated.
  - 23. The method of claim 18, wherein:
    - each of at least some of the plurality of actions is a filter rule;
      
      each filtering rule has associated with it data characteristics for that filtering rule; and
      
      automatically determining an indication of a highest priority one of a plurality of actions is based, at least in part, on processing characteristics of the received data relative to the associated data characteristics for the plurality of filtering rules.
  - 24. The method of claim 23, wherein:
    - the characteristics of the received data are indicated by a characteristics indication portion of the received data; and
      
      processing characteristics of the received data relative to the associated data characteristics for the plurality of filtering rules includes processing the characteristics indication portion of the received data relative to the associated data characteristics for the plurality of filtering rules.
  - 25. The method of claim 24, wherein:
    - for each of at least some of the plurality of filtering rules, processing the characteristics indication portion of the received data relative to the associated data characteristics for that filtering rule includes applying a mask associated with that filtering rule to the characteristics indication portion of the received data and processing the masked characteristics indication portion relative to the associated data characteristics for that filtering rule.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Chelsio Communications Incorporated
Original Assignee
Chelsio Communications Incorporated
Inventors
Eiriksson, Asgeir Thor, Mao, Chris Yuhong
Primary Examiner(s)
Sam; Phirin

Application Number

US11/250,894
Time in Patent Office

1,741 Days
Field of Search

None
US Class Current

370/392
CPC Class Codes

H04L 69/12   Protocol engines

H04L 69/16   Implementation or adaptatio...

H04L 69/22   Parsing or analysis of headers

H04L 69/32   Architecture of open system...

H04L 69/323   in the physical layer [OSI ...

H04L 69/324   in the data link layer [OSI...

H04L 69/325   in the network layer [OSI l...

H04L 69/326   in the transport layer [OSI...

Filtering ingress packets in network interface circuitry

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

160 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Filtering ingress packets in network interface circuitry

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

160 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links