Rule parser
First Claim
Patent Images
1. A method comprising:
- receiving a plurality of capture rules used to determine whether intercepted objects are to be stored;
for each received rule, constructing a state table chain configured to parse a tag for the rule;
generating a state table tree using the plurality of state table chains, the state table tree being configured to parse the tag for the plurality of capture rules; and
intercepting packets being transmitted on a network, the packets associated with a document that includes the intercepted objects, wherein the document is captured based on a particular capture rule associated with the intercepted objects, and wherein the tag comprises a data structure containing meta-data associated with a particular intercepted object, and wherein the document is stored in response to traversing the state table tree to parse the tag and match the tag to the particular capture rule.
11 Assignments
0 Petitions
Accused Products
Abstract
In one embodiment of the present invention, a rule compiler can compress a plurality of rules to be parsed over a block of data into one state table tree structure. In one embodiment of the present invention, rue parsing over the block of data includes selecting a unit of the block of data, indexing into a state table of the state table tree using the selected unit. The state table indexed into can be used for determining whether a decision regarding the block of data can be reached based on the indexed entry, and for selecting a next state table indicated by the indexed entry if the decision regarding the block of data cannot be reached.
-
Citations
24 Claims
-
1. A method comprising:
-
receiving a plurality of capture rules used to determine whether intercepted objects are to be stored; for each received rule, constructing a state table chain configured to parse a tag for the rule; generating a state table tree using the plurality of state table chains, the state table tree being configured to parse the tag for the plurality of capture rules; and intercepting packets being transmitted on a network, the packets associated with a document that includes the intercepted objects, wherein the document is captured based on a particular capture rule associated with the intercepted objects, and wherein the tag comprises a data structure containing meta-data associated with a particular intercepted object, and wherein the document is stored in response to traversing the state table tree to parse the tag and match the tag to the particular capture rule. - View Dependent Claims (2, 3, 4)
-
-
5. A method of rule parsing over a block of data comprising:
-
selecting a unit of the block of data; indexing into a state table using the selected unit; determining whether a decision regarding the block of data can be reached based on the indexed entry; selecting a next state table indicated by the indexed entry if the decision regarding the block of data cannot be reached, wherein the block of data comprises a tag and each unit of the tag comprises a byte; and intercepting packets being transmitted on a network, the packets associated with a document that includes intercepted objects, wherein the document is captured based on a particular capture rule associated with the intercepted objects, and wherein the tag comprises a data structure containing meta-data associated with a particular intercepted object, and wherein the document is stored in response to traversing the state table to parse the tag and match the tag to the particular capture rule. - View Dependent Claims (6, 7, 8, 9)
-
-
10. A capture device comprising:
-
a user interface to enable a user to author a plurality of capture rules; a rule compiler to generate a state table tree, wherein a single traversal of the state table tree applies all of the plurality of capture rules to a tag containing meta-data over an intercepted object; and a rule parser to parse the capture rules by traversing the state table tree using the tag, the capture device being configured to intercept packets being transmitted on a network, the packets associated with a document that includes the intercepted objects, wherein the document is captured based on a particular capture rule associated with the intercepted objects, and wherein the tag comprises a data structure containing meta-data associated with a particular intercepted object, and wherein the document is stored in response to traversing the state table tree to parse the tag and match the tag to the particular capture rule. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. A non-transitory machine-readable medium having stored thereon data representing instructions that, when executed by a processor, cause the processor to perform operations comprising:
-
receiving a plurality of capture rules used to determine whether intercepted objects are to be stored; for each received rule, constructing a state table chain configured to parse a tag for the rule; generating a state table tree using the plurality of state table chains, the state table tree being configured to parse the tag for the plurality of capture rules; and intercepting packets being transmitted on a network, the packets associated with a document that includes the intercepted objects, wherein the document is captured based on a particular capture rule associated with the intercepted objects, and wherein the tag comprises a data structure containing meta-data associated with a particular intercepted object, and wherein the document is stored in response to traversing the state table tree to parse the tag and match the tag to the particular capture rule. - View Dependent Claims (18, 19, 20)
-
-
21. A non-transitory machine-readable medium having stored thereon data representing instructions that, when executed by a processor, cause the processor to perform operations comprising:
-
selecting a unit of a block of data; indexing into a state table using the selected unit; determining whether a decision regarding the block of data can be reached based on the indexed entry; selecting a next state table indicated by the indexed entry if the decision regarding the block of data cannot be reached, wherein the block of data comprises a tag and each unit of the tag comprises a byte; and intercepting packets being transmitted on a network, the packets associated with a document that includes intercepted objects, wherein the document is captured based on a particular capture rule associated with the intercepted objects, and wherein the tag comprises a data structure containing meta-data associated with a particular intercepted object, and wherein the document is stored in response to traversing the state table to parse the tag and match the tag to the particular capture rule. - View Dependent Claims (22, 23, 24)
-
Specification