System and method for range matching
First Claim
Patent Images
1. A method for IP address range matching, the method comprising:
- constructing a hash table comprising a plurality of entries corresponding to predefined ranges of IP addresses, wherein the hash table specifies relative priorities among the predefined ranges of IP addresses;
storing the hash table in a processor cache memory;
monitoring packets exchanged over a network to obtain an IP address from a packet;
generating a first key, wherein the first key comprises a first sequence of bits of the IP address that begins with the most significant bit and wherein the first key is generated by applying a first template to the IP address by calculating a bit-wise AND between a bit mask and the IP address;
querying the hash table using the first key to obtain a first entry that specifies an inconclusive result, wherein the inconclusive result includes an updated template;
applying, after obtaining the inconclusive result, the updated template to the IP address to obtain an updated key, wherein the updated key comprises an updated sequence of bits of the IP address that begins with the most significant bit, and wherein the updated key includes more bits of the IP address than the first key;
repeating the querying using updated keys and the applying updated templates until a conclusive result is achieved;
matching, based on the entry specifying the conclusive result with the highest priority, the IP address to one of the predefined ranges of IP addresses; and
discarding packets according to results of said matching step.
3 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems for range matching. The system holds a definition of one or more ranges of Internet Protocol (IP) addresses. The definition may specify any desired number of ranges of any suitable size, and some ranges may overlap one another or be contained in one another. The definition may also specify certain returned values and/or relative priorities for the various ranges. In a pre-processing phase, a hash table that is subsequently queried with addresses to be range-matched. The hash table may be updated at run-time. During operation, the system receives addresses (e.g., extracts addresses from monitored communication traffic) and identifies by querying the hash table, for each address, whether the address falls within any of the ranges.
80 Citations
10 Claims
-
1. A method for IP address range matching, the method comprising:
-
constructing a hash table comprising a plurality of entries corresponding to predefined ranges of IP addresses, wherein the hash table specifies relative priorities among the predefined ranges of IP addresses; storing the hash table in a processor cache memory; monitoring packets exchanged over a network to obtain an IP address from a packet; generating a first key, wherein the first key comprises a first sequence of bits of the IP address that begins with the most significant bit and wherein the first key is generated by applying a first template to the IP address by calculating a bit-wise AND between a bit mask and the IP address; querying the hash table using the first key to obtain a first entry that specifies an inconclusive result, wherein the inconclusive result includes an updated template; applying, after obtaining the inconclusive result, the updated template to the IP address to obtain an updated key, wherein the updated key comprises an updated sequence of bits of the IP address that begins with the most significant bit, and wherein the updated key includes more bits of the IP address than the first key; repeating the querying using updated keys and the applying updated templates until a conclusive result is achieved; matching, based on the entry specifying the conclusive result with the highest priority, the IP address to one of the predefined ranges of IP addresses; and discarding packets according to results of said matching step. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeCognyte Technologies Israel Ltd. (Cognyte Software Ltd.)
-
Original AssigneeVerint Systems Limited (Verint Systems Incorporated)
-
InventorsYishay, Yitshak
-
Primary Examiner(s)Thier, Michael
-
Assistant Examiner(s)Mensah, Prince A
-
Application NumberUS14/807,808Publication NumberTime in Patent Office1,734 DaysField of SearchUS Class CurrentCPC Class CodesH04L 45/7453 using hashingH04L 61/35 involving non-standard use ...H04L 61/4552 Lookup mechanisms between a...H04L 61/5007 Internet protocol [IP] addr...
