String search scheme in a distributed architecture

US 8,321,440 B2
Filed: 03/07/2011
Issued: 11/27/2012
Est. Priority Date: 07/26/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A network electronic device for searching for predetermined strings, the device comprising:

a first processor including a classification engine to be coupled to receive a network packet via a network and to perform a first stage search on data contained in the network packet, wherein the classification engine generates a first stage search report that indicates multiple potential strings of interest if the data contained within the network packet has a first block matching a corresponding first block of at least one of the predetermined strings, wherein the first stage search report includes a field to indicate how many potential strings of interest were identified in the data during the first stage search, and wherein the first stage search report further includes entries for each potential string of interest for identifying each block of data that matches a corresponding block of data of the at least one of the predetermined strings; and

a policy processor coupled to perform a second stage search on the data contained in the network packet in response to the first stage search report, wherein the second stage search compares a second block of the potential string of interest to a corresponding second block of the at least one predetermined string to determine whether a match exists.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatuses for searching network data for one or more predetermined strings are disclosed. In one embodiment, the string search is a multi-stage search where the stages of the search are performed by different hardware components. In one embodiment in a first search stage, a first processor performs a comparison of blocks of incoming data to determine whether the blocks potentially represent the beginning of one of the predetermined strings. If a potential predetermined string is identified, a second processor performs a further search to determine whether the string matches one of the predetermined strings. Because the first processor searches only for the beginning of the predetermined strings, the first stage comparison can be performed quickly, which improves network performance as compared to more detailed searching. The second stage is performed by second processor, which allows the first processor to search for potential matching strings. Because many strings do not match the one or more predetermined strings, the more detailed search performed by the second processor is performed selectively, which increases network performance as compared to more detailed searches on all network data.

Citations

16 Claims

1. A network electronic device for searching for predetermined strings, the device comprising:
- a first processor including a classification engine to be coupled to receive a network packet via a network and to perform a first stage search on data contained in the network packet, wherein the classification engine generates a first stage search report that indicates multiple potential strings of interest if the data contained within the network packet has a first block matching a corresponding first block of at least one of the predetermined strings, wherein the first stage search report includes a field to indicate how many potential strings of interest were identified in the data during the first stage search, and wherein the first stage search report further includes entries for each potential string of interest for identifying each block of data that matches a corresponding block of data of the at least one of the predetermined strings; and
  
  a policy processor coupled to perform a second stage search on the data contained in the network packet in response to the first stage search report, wherein the second stage search compares a second block of the potential string of interest to a corresponding second block of the at least one predetermined string to determine whether a match exists.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The network electronic device of claim 1, wherein the first block of the at least one predetermined string is a beginning block of the at least one predetermined string such that the first stage search includes the classification engine searching the first block of data contained in the network packet only for the beginning block of the at least one predetermined string.
  - 3. The network electronic device of claim 1, wherein first stage search report includes a location of the potential string of interest within the data contained in the network packet.
  - 4. The network electronic device of claim 1, wherein the policy processor is further coupled to output a message to indicate that the potential string of interest is a string of interest if a match exists between the second block of data of the potential string of interest and the at least one predetermined string.
  - 5. The network electronic device of claim 4, wherein the message includes a packet destination of the network packet.
  - 6. The network electronic device of claim 1, wherein the policy processor is to be coupled to output the network packet to the network if no potential strings of interest are identified within the data contained in the network packet.
  - 7. The network electronic device of claim 1, wherein the policy processor includes a queue to maintain entries for each potential string of interest.
  - 8. The network electronic device of claim 1, wherein the second block of the at least one predetermined string includes data other than the first block of the at least one predetermined string.
  - 9. The network electronic device of claim 1, wherein the network packet is a first network packet and wherein the first stage search and the second stage search are pipelined such that the classification engine performs the first stage search on data contained in a subsequent network packet while the policy processor performs the second stage search on the data contained in the first network packet.
  - 10. The network electronic device of claim 1, wherein the classification engine is coupled to perform the first stage search on data contained in each of a plurality of network packets received at the classification engine, and wherein the policy processor performs the second stage search on a data contained in a subset of the plurality network packets to provide an increase in network performance.
  - 11. The network electronic device of claim 1, wherein the first stage search includes the classification engine operating as a filter to identify locations in the network packet where potential string matches may exist, and wherein the second stage search includes the policy processor performing pattern matching in the locations identified by the classification engine.
  - 12. The network electronic device of claim 1, further comprising shared memory coupled to the classification engine and to the policy processor.
  - 13. The network electronic device of claim 1, wherein the entries of the first stage search report include a seed identifier that identifies the blocks of data contained within the network packet that match a corresponding block of data of the predetermined strings.
  - 14. The network electronic device of claim 1, wherein the entries of the first stage search report include a seed offset that is character where the policy processor is to begin the second stage search.
  - 15. The network electronic device of claim 1, wherein the entries of the first stage search report include a seed offset value that indicates an offset from the beginning of the network packet to the potential string of interest.
  - 16. The network electronic device of claim 1, wherein the first stage search report comprises first and second fields, including a character before and a character after, respectively, of where the policy processor is to begin the second stage search.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Beylin, Boris
Primary Examiner(s)
Chen, Susan

Application Number

US13/042,289
Publication Number

US 20110173232A1
Time in Patent Office

631 Days
Field of Search

707/736, 717/136, 370/388
US Class Current

707/758
CPC Class Codes

G06F 16/90344   by using string matching te...

Y10S 707/959   Network

Y10S 707/99931   Database or file accessing

Y10S 707/99933   Query processing, i.e. sear...

Y10S 707/99935   Query augmenting and refini...

Y10S 707/99936   Pattern matching access

Y10S 707/99943   Generating database or data...

String search scheme in a distributed architecture

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

String search scheme in a distributed architecture

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links