Anti-spoof check of IPv4-in-IPv6 fragments without reassembly
US11451585B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Nov 13, 2019 |
| Grant date | Sep 20, 2022 |
| Priority date | — |
| Expiry date | Mar 18, 2041 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2101/686
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A network device may receive, from a first network, one or more fragments of a first network packet of a first network packet type, where the first network packet encapsulates a second network packet of a second network packet type. The network device may buffer the one or more fragments in. The network device may, upon receiving a fragment of the first network packet that includes an indication of a source network address and a source port for the second network packet, perform an anti-spoof check of the fragment flow without assembling the first network packet. The network device may, based on the fragment flow passing the anti-spoof check, in response to receiving all fragments of the first network packet: assemble the first network packet, decapsulate the second network packet from the assembled first network packet, and forward, to a second network, the second network packet.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.