Mechanisms for layer 7 context accumulation for enforcing layer 4, layer 7 and verb-based rules

Assignee

• Nicira, Inc. · US

Inventors

• Sushruth Gopal · Sunnyvale, US
• Jayant Jain · Cupertino, US
• Subrahmanyam Manuguri · San Jose, US
• Anirban Sengupta · Saratoga, US
• Deepa Kalani · Fremont, US
• Alok S. Tiagi · Palo Alto, US
• Sushil Singh · Bengaluru, IN

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L69/22
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

The method for implementing mechanisms for Layer 7 context accumulation for enforcing Layers 4, 7, and verb-based rules is presented. The method comprises: receiving stream data, and identifying a packet in the stream. If the packet includes Layer 7 headers: for each Layer 7 header: determining content of the packet identified by a Layer 7 header's identifier; and parsing the content to extract firewall input data. If one or more rules at least partially match the firewall input data, determining that a particular rule also includes additional information that cannot be found in the firewall input data; performing a DPI on the content to determine whether at least a portion of the additional information is found in the content; extracting additional input data from the content and adding it to the firewall input data; and applying the rules to the firewall input data to process the packet.