Transformation of network filter expressions to a content addressable memory format
US8166536B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Feb 10, 2009 |
| Grant date | Apr 24, 2012 |
| Priority date | — |
| Expiry date | Jul 28, 2030 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/0263
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A network device, such as a firewall, may be configured to filter network traffic. The filter may include regular expressions that are converted by the firewall into a format that can be stored in a ternary content addressable memory. In one exemplary implementation, the filter definition may include one or more input regular expressions that include variables that are compared to a result based on an equality/inequality relationship, where multiple variables are combined using logical operations selected from a set of logical operations including (but not limited to) logical AND and logical OR operations. The firewall may convert the input regular expressions into a format in which the equality/inequality relationships are converted to a pure equality relationship and the multiple variables are combined using only logical OR operations. The firewall may program the ternary content-addressable memory to implement the filter based on the converted one or more input regular expressions.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.