Finite automata processing based on a top of stack (TOS) memory
First Claim
1. A security appliance operatively coupled to a network, the security appliance comprising:
- a first memory;
a second memory operatively coupled to the first memory; and
at least one processor operatively coupled to the first memory and the second memory and to improve match performance of the at least one processor, the at least one processor is configured to make a determination, based on context state information associated with the first memory, for whether to access (i) the first memory and not the second memory or (ii) the first memory and the second memory, and store a context in the first or second memory for walking a given node, of a plurality of nodes of a given finite automaton of at least one finite automaton for matching at least one regular expression pattern, wherein the context state information associated with the first memory includes a validity state, the validity state indicating a valid or invalid state of the first memory.
6 Assignments
0 Petitions
Accused Products
Abstract
A method, and corresponding apparatus and system are provided for optimizing matching of at least one regular expression pattern in an input stream by storing a context for walking a given node, of a plurality of nodes of a given finite automaton of at least one finite automaton, the store including a store determination, based on context state information associated with a first memory, for accessing the first memory and not a second memory or the first memory and the second memory. Further, to retrieve a pending context, the retrieval may include a retrieve determination, based on the context state information associated with the first memory, for accessing the first memory and not the second memory or the second memory and not the first memory. The first memory may have read and write access times that are faster relative to the second memory.
-
Citations
50 Claims
-
1. A security appliance operatively coupled to a network, the security appliance comprising:
-
a first memory; a second memory operatively coupled to the first memory; and at least one processor operatively coupled to the first memory and the second memory and to improve match performance of the at least one processor, the at least one processor is configured to make a determination, based on context state information associated with the first memory, for whether to access (i) the first memory and not the second memory or (ii) the first memory and the second memory, and store a context in the first or second memory for walking a given node, of a plurality of nodes of a given finite automaton of at least one finite automaton for matching at least one regular expression pattern, wherein the context state information associated with the first memory includes a validity state, the validity state indicating a valid or invalid state of the first memory. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A security appliance operatively coupled to a network, the security appliance comprising:
-
a first memory; a second memory operatively coupled to the first memory; and at least one processor operatively coupled to the first memory and the second memory and to improve match performance of the at least one processor, the at least one processor is configured to make a determination, based on context state information associated with the first memory, for whether to access (i) the first memory and not the second memory or (ii) the first memory and the second memory, and store a context in the first or second memory for walking a given node, of a plurality of nodes of a given finite automaton of at least one finite automaton for matching at least one regular expression pattern, wherein the determination is a store determination, and the at least one processor is further configured to retrieve a pending context, the retrieval including a retrieve determination, based on the context state information associated with the first memory, for accessing (iii) the first memory and not the second memory or (iv) the second memory and not the first memory. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23)
-
-
24. A method comprising:
-
operatively coupling a first memory and a second memory; and operatively coupling at least one processor to the first memory and the second memory, and to improve match performance of the at least one processor, the at least one processor is configured to make a determination, based on context state information associated with the first memory, for whether to access (i) the first memory and not the second memory or (ii) the first memory and the second memory, and store a context in the first or second memory for walking a given node, of a plurality of nodes of a given finite automaton of at least one finite automaton for matching at least one regular expression pattern, wherein the context state information associated with the first memory includes a validity state, the validity state indicating a valid or invalid state of the first memory. - View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
-
-
38. A method comprising:
-
operatively coupling a first memory and a second memory; and operatively coupling at least one processor to the first memory and the second memory, and to improve match performance of the at least one processor, the at least one processor is configured to make a determination, based on context state information associated with the first memory, for whether to access (i) the first memory and not the second memory or (ii) the first memory and the second memory, and store a context in the first or second memory for walking a given node, of a plurality of nodes of a given finite automaton of at least one finite automaton for matching at least one regular expression pattern, wherein the determination is a store determination, and the at least one processor is further configured to retrieve a pending context, the retrieval including a retrieve determination, based on the context state information associated with the first memory, for accessing (iii) the first memory and not the second memory or (iv) the second memory and not the first memory. - View Dependent Claims (39, 40, 41, 42, 43, 44, 45, 46)
-
-
47. A non-transitory computer-readable medium having encoded thereon a sequence of instructions which, when executed by at least one processor, improve match performance of the at least one processor by causing the at least one processor to:
-
make a determination, based on context state information associated with the first memory, for whether to access (i) the first memory and not the second memory or (ii) the first memory and the second memory; and store a context in a first or second memory for walking a given node, of a plurality of nodes of a given finite automaton of at least one finite automaton for matching at least one regular expression pattern, wherein the context state information associated with the first memory includes a validity state, the validity state indicating a valid or invalid state of the first memory.
-
-
48. A security appliance operatively coupled to a network, the security appliance comprising:
-
a first memory; a second memory operatively coupled to the first memory; and at least one processor operatively coupled to the first memory and the second memory and to improve match performance of the at least one processor, the at least one processor is configured to make a determination, based on context state information associated with the first memory, for whether to access (i) the first memory and not the second memory or (ii) the first memory and the second memory, and store a context in the first or second memory for walking a given node, of a plurality of nodes of a given finite automaton of at least one finite automaton for matching at least one regular expression pattern, wherein based on the determination to (ii) access the first memory and the second memory, the at least one processor is further configured to; access the first memory to retrieve a pending context stored in the first memory; access the second memory to store the pending context retrieved; access the first memory to store the context in the first memory; and preserve the context state information associated with the first memory.
-
-
49. A method comprising:
-
operatively coupling a first memory and a second memory; and operatively coupling at least one processor to the first memory and the second memory, and to improve match performance of the at least one processor, the at least one processor is configured to make a determination, based on context state information associated with the first memory, for whether to access (i) the first memory and not the second memory or (ii) the first memory and the second memory, and store a context in the first or second memory for walking a given node, of a plurality of nodes of a given finite automaton of at least one finite automaton for matching at least one regular expression pattern, wherein based on the determination to (ii) access the first memory and the second memory, the at least one processor is further configured to; access the first memory to retrieve a pending context stored in the first memory; access the second memory to store the pending context retrieved; access the first memory to store the context in the first memory; and preserve the context state information associated with the first memory.
-
-
50. A non-transitory computer-readable medium having encoded thereon a sequence of instructions which, when executed by at least one processor, improve match performance of the at least one processor by causing the at least one processor to:
-
make a determination, based on context state information associated with the first memory, for whether to access (i) the first memory and not the second memory or (ii) the first memory and the second memory; and store a context in a first or second memory for walking a given node, of a plurality of nodes of a given finite automaton of at least one finite automaton for matching at least one regular expression pattern, wherein based on the determination to (ii) access the first memory and the second memory, the at least one processor is further caused to; access the first memory to retrieve a pending context stored in the first memory; access the second memory to store the pending context retrieved; access the first memory to store the context in the first memory; and preserve the context state information associated with the first memory.
-
Specification