1. WO2017138936 - DETERMINING PATTERN MATCH BASED ON CIRCUIT MATCH AND HASH VALUE MATCH

Note: Text based on automatic Optical Character Recognition processes. Please use the PDF version for legal matters

CLAIMS

What is claimed is:

1. A network infrastructure device comprising:

a network interface;

a packet processor;

a circuit to monitor packets switched by the network interface,

wherein the circuit further comprises a pattern matcher capable to identify flows in the packets satisfying patterns up to a predetermined pattern size; and

a management engine to receive a pattern rule to match a pattern of a first pattern size that is larger than the predetermined pattern size and to configure the circuit to match a first portion of the pattern,

wherein the first portion is the predetermined pattern size,

wherein the management engine is further to determine a pre-hash calculation of a second portion of the pattern that is greater than the predetermined pattern size,

wherein the circuit determines that one of the flows matches the first portion; and

wherein the packet processor determines whether the second portion of the pattern is matched in the one flow based on the pre-hash calculation.

2. The network infrastructure device of claim 1, wherein the circuit provides location information in the one flow including the first portion to the packet processor.

3. The network infrastructure device of claim 2, wherein the packet processor determines whether the second portion of the pattern is matched based on the location information.

4. The network infrastructure device of claim 3, wherein the packet processor is further to:

hash another portion of the one flow based on the location information and an index;

compare the hashed other portion and the pre-hash calculation to determine whether the second portion of the pattern is matched.

5. The network infrastructure device of claim 4, wherein the other portion has a same size as the second portion, wherein the index is provided by the circuit, and wherein the index is used to determine the same size.

6. The network infrastructure device of claim 4, wherein the network device is further to receive a hash key to hash the other portion.

7. The network infrastructure device of claim 1, wherein the packet processor performs an action on the one flow based on the determination that the second portion of the pattern is matched and the first portion of the pattern is matched.

8. The network infrastructure device of claim 7, wherein the action includes at least one of: dropping a packet of the one flow, sending the packet to a location, and incrementing a counter.

9. A method comprising:

determining, by a hardware circuit, that a first packet portion of a packet is matched to a first pattern portion of a pattern,

wherein the packet is received at a network interface for switching;

hashing, at a programmable packet processor, a second packet portion of the packet based on a size of the pattern and a location of the first packet portion to generate a hash value; and

determining, at the programmable packet processor, whether the hash value matches a pre-hash value corresponding to a second pattern portion of the pattern.

10. The method of claim 9, further comprising:

performing an action in response to a determination that the first packet portion is matched and the hash value matches the pre-hash value.

11. The method of claim 9, further comprising:

receiving the pattern,

wherein the hardware circuit is capable of matching up to a predetermined pattern size,

wherein the pattern has a first size that is larger than the predetermined pattern size,

wherein the first pattern portion has second size equal to the predetermined pattern size,

wherein the second pattern portion has a third size that is a difference between the predetermined pattern size and the second size,

configuring, by a management processor, the hardware circuit to monitor for the first pattern portion.

12. The method of claim 11, further comprising:

hashing, by the management processor, the second pattern portion to determine the pre-hash value.

13. A non-transitory machine-readable storage medium storing instructions that, if executed by a physical processing element of a device, cause the device to:

receive a notification from a hardware circuit of the device that a first packet portion of a packet received by a network interface of the device is matched to a first pattern portion of a pattern;

hash a second packet portion of the packet to generate a hash value based on a hash size determined via information from the hardware circuit; and

determine that the hash value matches a pre-hash value corresponding to a second pattern portion of the pattern.

14. The non-transitory machine-readable storage medium of claim 13, wherein the hardware circuit is capable of matching up to a predetermined pattern size,

wherein the pattern has a first size that is larger than the predetermined pattern size,

wherein the first pattern portion has second size equal to the predetermined pattern size,

wherein the second pattern portion has a third size that is a difference between the predetermined pattern size and the second size.

15. The non-transitory machine-readable storage medium of claim 13, further comprising instructions that, if executed by the physical processing element, cause the device to:

perform an action on a flow associated with the packet based on the determination,

wherein the action includes at least one of: dropping the packet, sending the packet to a location, and incrementing a counter, and

wherein the second packet portion is one of: a superset of the first packet portion, adjacent to the first packet portion, and sequential in an order to the first packet portion.
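
The two-stage match described in claims 1 to 8, as an added Python sketch that is not part of the patent text: a software stand-in for the circuit finds the first portion, and the packet processor confirms the rest by comparing a keyed hash with the pre-hash. Assumptions of this example: an 8-byte hardware limit, keyed BLAKE2b as the hash, a second portion that directly follows the first, and all function names, which are hypothetical.

```python
import hashlib
import hmac

HW_MAX = 8  # assumed "predetermined pattern size" of the circuit, in bytes

def keyed_hash(data: bytes, key: bytes) -> bytes:
    # Keyed BLAKE2b is this example's choice; the claims name no hash function.
    return hashlib.blake2b(data, key=key, digest_size=16).digest()

def compile_rule(pattern: bytes, key: bytes, hw_max: int = HW_MAX) -> dict:
    """Management engine: split the pattern and pre-hash the second portion."""
    if len(pattern) <= hw_max:
        raise ValueError("pattern fits the circuit; no second portion")
    first, second = pattern[:hw_max], pattern[hw_max:]
    # 'index' carries the length of the second portion (claim 5).
    return {"first": first, "index": len(second),
            "pre_hash": keyed_hash(second, key)}

def circuit_match(payload: bytes, rule: dict):
    """Software stand-in for the circuit: offsets where the first portion hits."""
    start = 0
    while (off := payload.find(rule["first"], start)) != -1:
        yield off
        start = off + 1

def processor_verify(payload: bytes, off: int, rule: dict, key: bytes) -> bool:
    """Packet processor: hash the bytes after the hit, compare to the pre-hash."""
    begin = off + len(rule["first"])
    candidate = payload[begin:begin + rule["index"]]
    if len(candidate) < rule["index"]:
        return False  # tail runs past this payload; cannot be confirmed here
    return hmac.compare_digest(keyed_hash(candidate, key), rule["pre_hash"])

def inspect(payload: bytes, rule: dict, key: bytes, counters: dict) -> str:
    for off in circuit_match(payload, rule):
        counters["circuit_hits"] += 1
        if processor_verify(payload, off, rule, key):
            counters["full_matches"] += 1
            return "drop"  # one of the actions listed in claim 8
    return "forward"

if __name__ == "__main__":
    key = b"constructed-demo-key"
    rule = compile_rule(b"EVILSIG-0123456789", key)  # constructed pattern
    stats = {"circuit_hits": 0, "full_matches": 0}
    # Constructed payload: first hit has a wrong tail, second is the full pattern.
    print(inspect(b"..EVILSIG-0123456780 EVILSIG-0123456789..", rule, key, stats), stats)
```

Because the processor compares digests rather than bytes, a confirmed match is only as certain as the hash is collision-resistant; the 16-byte keyed digest is this example's assumption.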