INTERNET PROTOCOL ADDRESS FILTERING METHODS AND APPARATUS
First Claim
1. A method comprising:
- receiving a data packet;
determining an IP address of the data packet;
accessing an IP address map that stores set membership values indicative of whether an IP address is a member of a set of IP addresses for every possible IP address within an IP address space of the IP address, to determine set membership for the IP address of the data packet; and
determining a further action to be performed on the packet based on the set membership that is determined for the IP address of the data packet.
1 Assignment
0 Petitions
Accused Products
Abstract
An IP address of a received data packet is determined. An IP address map that stores set membership values indicative of whether an IP address is a member of a set of IP addresses, for every possible IP address within an IP address space of the IP address, is accessed to determine set membership for the IP address of the data packet. A further action to be performed on the packet is determined based on the set membership that is determined for the IP address of the data packet. Embodiments could be applied to source IP address filtering, destination IP address filtering, or both. Blacklist and whitelist embodiments, and associated further actions that could be applied to packets in such embodiments, are contemplated.
1 Citation
22 Claims
-
1. A method comprising:
-
receiving a data packet; determining an IP address of the data packet; accessing an IP address map that stores set membership values indicative of whether an IP address is a member of a set of IP addresses for every possible IP address within an IP address space of the IP address, to determine set membership for the IP address of the data packet; and determining a further action to be performed on the packet based on the set membership that is determined for the IP address of the data packet. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. An apparatus comprising:
-
an interface to receive a data packet; a map memory storing set membership values indicative of whether an IP address is a member of a set of IP addresses for every possible IP address within an IP address space of the IP address; and a packet processor coupled to the interface and to the map memory to determine an IP address of the data packet, to access the map memory and determine set membership for the IP address of the data packet, and to determine a further action to be performed on the packet based on the set membership that is determined for the IP address of the data packet. - View Dependent Claims (18, 19, 20, 21, 22)
-
Specification