High performance packet processing using a general purpose processor
First Claim
1. An apparatus, comprising:
- a first processor configured for filtering activities that include;
discarding a first packet determined to be a nonstandard packet;
discarding a second packet determined to be a repeating packet in comparison to previously received packets; and
a second processor configured for processing a plurality of packets according to one of a plurality of instructions, wherein the apparatus is configured for;
creating a thread for each of the plurality of packets; and
evaluating header information and contents of the plurality of packets, wherein state data is derived from a particular packet header corresponding to a particular packet included in the plurality of packets.
7 Assignments
0 Petitions
Accused Products
Abstract
A packet processing device includes a control logic processor for filtering packets according to a set of stored rules and an arithmetic logic processor for executing packet processing instructions based on the content of the packet. The control logic processor spawns a new thread for each incoming packet, relieving the arithmetic logic processor of the need to do so. The control logic processor and the arithmetic logic processor preferably are integrated via a thread queue. The control logic processor preferably assigns a policy to each incoming packet. A policy action table stores one or more policy instructions which may be easily changed to update policies to be implemented. The policy action table preferably maps a virtual packet flow identification code to the physical memory address of an action code and a state block associated to the identification code. The arithmetic logic processor processes a packet based on the stored policy assigned to that packet.
-
Citations
20 Claims
-
1. An apparatus, comprising:
-
a first processor configured for filtering activities that include; discarding a first packet determined to be a nonstandard packet; discarding a second packet determined to be a repeating packet in comparison to previously received packets; and a second processor configured for processing a plurality of packets according to one of a plurality of instructions, wherein the apparatus is configured for; creating a thread for each of the plurality of packets; and evaluating header information and contents of the plurality of packets, wherein state data is derived from a particular packet header corresponding to a particular packet included in the plurality of packets. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method, comprising:
-
processing a plurality of packets according to one of a plurality of instructions; filtering the plurality of packets, wherein the filtering includes, at least; discarding a first packet determined to be a nonstandard packet; discarding a second packet determined to be a repeating packet in comparison to previously received packets; creating a thread for each of the plurality of packets; and evaluating header information and contents of the plurality of packets, wherein state data is derived from a particular packet header corresponding to a particular packet included in the plurality of packets. - View Dependent Claims (15, 16, 17, 18, 19)
-
-
20. One or more non-transitory media that includes code for execution and when executed by a processor operable to perform operations comprising:
-
processing a plurality of packets according to one of a plurality of instructions; filtering the plurality of packets, wherein the filtering includes, at least; discarding a first packet determined to be a nonstandard packet; discarding a second packet determined to be a repeating packet in comparison to previously received packets; creating a thread for each of the plurality of packets; evaluating header information and contents of the plurality of packets, wherein state data is derived from a particular packet header corresponding to a particular packet included in the plurality of packets; matching a first incoming packet to a stored first rule and for generating a first thread if the first incoming packet matches the first rule; and determining whether to accept or discard each of the plurality of packets, wherein at least some of the plurality of packets are identified as being associated with a denial of service (DOS) such that they are discarded.
-
Specification