CA2307529A1 - Method and apparatus for grammatical packet classifier - Google Patents
Method and apparatus for grammatical packet classifier Download PDFInfo
- Publication number
- CA2307529A1 CA2307529A1 CA002307529A CA2307529A CA2307529A1 CA 2307529 A1 CA2307529 A1 CA 2307529A1 CA 002307529 A CA002307529 A CA 002307529A CA 2307529 A CA2307529 A CA 2307529A CA 2307529 A1 CA2307529 A1 CA 2307529A1
- Authority
- CA
- Canada
- Prior art keywords
- dfa
- classifier
- data
- grammar
- packet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Communication Control (AREA)
Abstract
A packet classification language (GPCL) is provided to specify protocol hierarchies among data packets in a routing device. The GPCL uses regular expressions to match incoming data packets and a syntax to describe the protocol hierarchy. A GPCL compiler produces an enhanced DFA which incorporates the regular expression for recognizing constituent parts of a data packets and which incorporates the grammar graph defining the relationships among the constituent parts. A hardware implemented DFA is used to scan the input stream which constitutes the data packets.
Claims (30)
1. A method for identifying protocol encapsulation in received network data comprising providing a grammar and parsing incoming network data using said grammar, said network data being organized into data packets.
2. The method of claim 1 wherein said grammar is a grammar graph, the method further including providing a deterministic finite automaton (DFA) representing said grammar graph.
3. The method of claim 1 further including scanning said incoming network data using lexical token scanning to produce plural lexical tokens, said step of parsing including parsing said lexical tokens.
4. The method of claim 3 wherein said lexical scanning includes providing a set of regular expressions.
5. The method of claim 3 further including providing a deterministic finite automaton (DFA), said DFA including a representation of said lexical tokens and said grammar, said step of scanning including recognizing lexical tokens contained in said data packets using said DFA, said step of parsing including identifying grammatical structure among said lexical tokens using said DFA to identify protocol encapsulation in said incoming network data.
6. In a data packet network switching device, a method for processing data packets comprising:
providing a grammar;
receiving plural data packets, each having a length not necessarily equal to one another; and for each data packet, lexically scanning said data packet to produce plural lexical tokens, parsing said lexical tokens to produce one or more identified protocols, and processing said data packet based on said identified protocols.
providing a grammar;
receiving plural data packets, each having a length not necessarily equal to one another; and for each data packet, lexically scanning said data packet to produce plural lexical tokens, parsing said lexical tokens to produce one or more identified protocols, and processing said data packet based on said identified protocols.
7. The method of claim 6 further including compiling said grammar to produce a grammar graph.
8. The method of claim 7 wherein said lexical scanning includes providing regular expressions for identifying said lexical tokens.
9. The method of claim 8 further including compiling said regular expressions are into a deterministic finite automaton (DFA).
10. The method of claim 9 further including incorporating said grammar graph into said DFA.
11. In a data packet receiving and forwarding device, a method for processing data packets comprising a stream of data, said method comprising:
receiving a description of grammar rules in a grammar packet classification language;
compiling said grammar packet classification language to produce a grammar graph;
configuring a programmable grammatical packet classifier with said grammar graph;
parsing said data stream with said grammatical packet classifier to identify a protocol structure in a received data packet; and processing said received data packet in accordance with said protocol structure.
receiving a description of grammar rules in a grammar packet classification language;
compiling said grammar packet classification language to produce a grammar graph;
configuring a programmable grammatical packet classifier with said grammar graph;
parsing said data stream with said grammatical packet classifier to identify a protocol structure in a received data packet; and processing said received data packet in accordance with said protocol structure.
12. The method of claim 11 further including:
receiving a description of classification rules in a lexical classification language;
compiling said classification language to produce a deterministic finite automaton (DFA) comprising plural states;
configuring said hardware packet classifier with said DFA; and scanning said data stream with said hardware packet classifier to produce plural lexical tokens, wherein said parsing is a step of parsing said lexical tokens.
receiving a description of classification rules in a lexical classification language;
compiling said classification language to produce a deterministic finite automaton (DFA) comprising plural states;
configuring said hardware packet classifier with said DFA; and scanning said data stream with said hardware packet classifier to produce plural lexical tokens, wherein said parsing is a step of parsing said lexical tokens.
13. The method of claim 12 wherein said grammar graph is incorporated into said DFA.
14. The method of claim 12 wherein said lexical classification language includes regular expressions.
15. The method of claim 14 wherein said regular expressions include arithmetic and logic operations.
16. The method of claim 15 wherein said regular expressions further include skip operations.
17. The method of claim 16 wherein said regular expressions further include data storage operations.
18. A network data packet classifier comprising:
an input port for receiving network data packets comprising a stream of data;
a memory assemblage configured with data representing a deterministic finite automaton (DFA), said DFA representing a grammar graph and plural regular expressions; and decompression logic operatively coupled to said memory assemblage and configured to scan said stream of data with said DFA to find a matching one of said regular expressions thereby producing plural lexical tokens, said decompression logic further configured to parse said lexical tokens with said DFA to identify a protocol structure in a received network data packet, wherein processing of said network data packet depends on said protocol structure.
an input port for receiving network data packets comprising a stream of data;
a memory assemblage configured with data representing a deterministic finite automaton (DFA), said DFA representing a grammar graph and plural regular expressions; and decompression logic operatively coupled to said memory assemblage and configured to scan said stream of data with said DFA to find a matching one of said regular expressions thereby producing plural lexical tokens, said decompression logic further configured to parse said lexical tokens with said DFA to identify a protocol structure in a received network data packet, wherein processing of said network data packet depends on said protocol structure.
19. The classifier of claim 18 wherein some of said regular expressions include arithmetic instructions and logic instructions, said memory assemblage further configured to contain said instructions, the classifier further including an arithmetic logic unit operatively coupled to said decompression logic and configured to execute said instructions.
20. The classifier of claim 19 further including at least one register operatively coupled to said arithmetic logic unit, said arithmetic logic unit further configured to store data into said register in response to a save instruction.
21. The classifier of claim 19 further including skip logic operatively coupled to said logic component and configured to skip over an amount of data in response a skip instruction.
22. The classifier of claim 18 wherein said network data packets can vary from one packet to another.
23. The classifier of claim 18 wherein said DFA is in compressed form.
24. The classifier of claim 23 wherein said DFA comprises plural non-default states and plural default states, and said memory assemblage comprises a base memory, a next-state memory, and a default-state memory; said base memory configured to contain address locations of said next-state memory, said next-state memory representing all of said non-default states, said default-state memory representing all of said default states.
25. The classifier of claim 24 wherein said memories are random access memories.
26. The classifier of claim 24 wherein said memories are read-only memories.
27. A network packet classifier comprising:
means for receiving an incoming network packet; and means for identifying protocol structure in said network packet including means for scanning to match patterns in its constituent data against plural regular expressions to produce lexical tokens and means for parsing through said lexical tokens using a grammar.
means for receiving an incoming network packet; and means for identifying protocol structure in said network packet including means for scanning to match patterns in its constituent data against plural regular expressions to produce lexical tokens and means for parsing through said lexical tokens using a grammar.
28. The classifier of claim 27 wherein said means for scanning includes a memory component configured with data to represent a deterministic finite automaton (DFA).
29. The classifier of claim 28 wherein said memory component is further configured to include said grammar.
30. The classifier of claim 27 wherein said regular expressions include arithmetic specifiers and said means for classifying includes an arithmetic logic unit configured to perform operations in accordance with said arithmetic specifiers.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US09/538,132 | 2000-03-29 | ||
| US09/538,132 US7185081B1 (en) | 1999-04-30 | 2000-03-29 | Method and apparatus for programmable lexical packet classifier |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CA2307529A1 true CA2307529A1 (en) | 2001-09-29 |
Family
ID=24145636
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA002307529A Abandoned CA2307529A1 (en) | 2000-03-29 | 2000-05-04 | Method and apparatus for grammatical packet classifier |
Country Status (1)
| Country | Link |
|---|---|
| CA (1) | CA2307529A1 (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2003023553A2 (en) * | 2001-09-12 | 2003-03-20 | Raqia Networks Inc. | Method of generating a dfa state machine that groups transitions into classes in order to conserve memory |
| WO2004040427A1 (en) * | 2002-10-29 | 2004-05-13 | Lockheed Martin Corporation | Intrusion detection accelerator |
| WO2004079571A2 (en) * | 2003-02-28 | 2004-09-16 | Lockheed Martin Corporation | Hardware accelerator state table compiler |
| FR2856868A1 (en) * | 2003-06-30 | 2004-12-31 | Everbee Networks | METHOD AND SYSTEM FOR ANALYZING A DATA STREAM |
| EP1607823A2 (en) * | 2004-06-14 | 2005-12-21 | Lionic Corporation | Method and system for virus detection based on finite automata |
| US7216364B2 (en) | 2004-06-14 | 2007-05-08 | Lionic Corporation | System security approaches using state tables |
| CN100357846C (en) * | 2002-10-29 | 2007-12-26 | 洛克希德马丁公司 | Intrusion detection accelerator |
| US7596809B2 (en) | 2004-06-14 | 2009-09-29 | Lionic Corporation | System security approaches using multiple processing units |
| US7685637B2 (en) | 2004-06-14 | 2010-03-23 | Lionic Corporation | System security approaches using sub-expression automata |
| CN115801020A (en) * | 2023-02-13 | 2023-03-14 | 鹏城实验室 | Definite finite state automaton compression method, matching method, device and medium |
-
2000
- 2000-05-04 CA CA002307529A patent/CA2307529A1/en not_active Abandoned
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2003023553A3 (en) * | 2001-09-12 | 2003-08-07 | Raqia Networks Inc | Method of generating a dfa state machine that groups transitions into classes in order to conserve memory |
| WO2003023553A2 (en) * | 2001-09-12 | 2003-03-20 | Raqia Networks Inc. | Method of generating a dfa state machine that groups transitions into classes in order to conserve memory |
| CN100357846C (en) * | 2002-10-29 | 2007-12-26 | 洛克希德马丁公司 | Intrusion detection accelerator |
| WO2004040427A1 (en) * | 2002-10-29 | 2004-05-13 | Lockheed Martin Corporation | Intrusion detection accelerator |
| AU2003277248B2 (en) * | 2002-10-29 | 2009-04-23 | Lockheed Martin Corporation | Intrusion detection accelerator |
| WO2004079571A2 (en) * | 2003-02-28 | 2004-09-16 | Lockheed Martin Corporation | Hardware accelerator state table compiler |
| WO2004079571A3 (en) * | 2003-02-28 | 2005-03-24 | Lockheed Corp | Hardware accelerator state table compiler |
| FR2856868A1 (en) * | 2003-06-30 | 2004-12-31 | Everbee Networks | METHOD AND SYSTEM FOR ANALYZING A DATA STREAM |
| WO2005004003A1 (en) * | 2003-06-30 | 2005-01-13 | Everbee Networks | Method and device for analysing a data stream |
| EP1607823A3 (en) * | 2004-06-14 | 2006-01-25 | Lionic Corporation | Method and system for virus detection based on finite automata |
| US7216364B2 (en) | 2004-06-14 | 2007-05-08 | Lionic Corporation | System security approaches using state tables |
| EP1607823A2 (en) * | 2004-06-14 | 2005-12-21 | Lionic Corporation | Method and system for virus detection based on finite automata |
| US7596809B2 (en) | 2004-06-14 | 2009-09-29 | Lionic Corporation | System security approaches using multiple processing units |
| US7685637B2 (en) | 2004-06-14 | 2010-03-23 | Lionic Corporation | System security approaches using sub-expression automata |
| CN115801020A (en) * | 2023-02-13 | 2023-03-14 | 鹏城实验室 | Definite finite state automaton compression method, matching method, device and medium |
| CN115801020B (en) * | 2023-02-13 | 2023-04-11 | 鹏城实验室 | Definite finite state automaton compression method, matching method, device and medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7188168B1 (en) | Method and apparatus for grammatical packet classifier | |
| US7185081B1 (en) | Method and apparatus for programmable lexical packet classifier | |
| US10089086B2 (en) | Method and apparatus for compiling regular expressions | |
| CN101095310B (en) | Packet parsing processor and the method for parsing grouping in the processor | |
| US6954789B2 (en) | Method and apparatus for monitoring traffic in a network | |
| US9298437B2 (en) | Unrolling quantifications to control in-degree and/or out-degree of automaton | |
| EP2184687B1 (en) | Regular expression compiling system, matching system, compiling method and matching method | |
| US6771646B1 (en) | Associative cache structure for lookups and updates of flow records in a network monitor | |
| US7299282B2 (en) | State processor for pattern matching in a network monitor device | |
| US8599859B2 (en) | Iterative parsing and classification | |
| US20050012521A1 (en) | Methods and apparatuses for evaluation of regular expressions of arbitrary size | |
| Yazdinejad et al. | P4 to SDNet: Automatic generation of an efficient protocol-independent packet parser on reconfigurable hardware | |
| CA2307529A1 (en) | Method and apparatus for grammatical packet classifier | |
| WO2004079571B1 (en) | Hardware accelerator state table compiler | |
| TWI239475B (en) | A reconfigurable semantic processor | |
| US8705568B2 (en) | Hardware-based parser for packet-oriented protocols | |
| Zazo et al. | Automated synthesis of FPGA-based packet filters for 100 Gbps network monitoring applications | |
| US20030074458A1 (en) | Hybrid hardware/software packet filter | |
| Hjalmtysson et al. | Dynamic packet processors-A new abstraction for router extensibility | |
| CN109753285B (en) | XML (extensive markup language) parser and reconfigurable computing system based on FPGA (field programmable Gate array) | |
| Cho et al. | Context-free-grammar based token tagger in reconfigurable devices | |
| Minden et al. | Composite protocols for innovative active services | |
| Megacz | Scannerless boolean parsing | |
| Gelas et al. | Deploying OS Filtering Capabilities for the Improvement of Software Active Routers. | |
| Elliott | Implementing Reconfigurable Packet Matchers on Field-Programmable Gate Arrays |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| FZDE | Discontinued |