Claims
- 1. An apparatus to perform hardware-based lossless stateful signature matching, the apparatus comprising:
a memory; a plurality of finite state machine (FSM) comparison units operating in parallel to compare packets to a plurality of signatures to identify matches, if any, between data units in the packets and the plurality of signatures, wherein each of the FSM comparison units include FSMs having a plurality of states stored in the memory and at least one transition between pairs of states, and a transition to a new state results in a non-destructive additive operation being performed to store any previous state with the new state.
- 2. The system defined in claim 1 wherein at least one FSM comparison unit has a FSM having a plurality of states with a transition between pairs of the set of states, including an idle state, wherein each state is revisited only after transitioning through the idle state.
- 3. The system defined in claim 2 wherein transitions between the plurality of states includes only one transition from any one of the plurality of states back to the idle state.
- 4. The system defined in claim 1 wherein at least one FSM comparison unit has a FSM having a plurality of states with transitions therebetween, including an idle state, wherein the at least one FSM comparison unit transitions to the idle state in response to expiration of a time period.
- 5. The system defined in claim 4 wherein the time period corresponds to a timeout function responsive to the time associated with a most recent state transition.
- 6. The system defined in claim 5 wherein the most recent state transition is other than to the idle state.
- 7. The system defined in claim 1 wherein the new state is bitwise ORed with any previous state to prevent erasure of said any previous state.
- 8. The system defined in claim 1 wherein execution of at least one state causes storage of packets in memory.
- 9. The system defined in claim 8 wherein the packets are stored as a list.
- 10. The system defined in claim 8 wherein the memory comprises a first memory and a second memory, wherein the first memory is to store packets or portions of packets that match a signature designated as temporary and the second memory is to store packets or portions of packets that match a signature designated as final.
- 11. The system defined in claim 8 wherein execution of the at least one state causes storage of the packets or portions of the packets in either memories as a linked list.
- 12. The system defined in claim 11 wherein the linked list is stored in adjacent memory locations in the memory.
- 13. The system defined in claim 11 wherein the linked list is stored in non-adjacent memory locations in the memory.
- 14. The system defined in claim 11 wherein the linked list is limited to a predetermined number of items. Once the limit is reached, additional matching packets are not added to the linked list and are lost.
- 15. The system defined in claim 14 wherein a FSM comparison unit truncates the portions of one or more packets in the linked list so that the linked list is at no greater than the predetermined size.
- 16. The system defined in claim 15 wherein the predetermined size is equal to value plus a number of bytes compared to signatures prior to a match being identified.
- 17. The system defined in claim 15 wherein the predetermined size is equal to a number of total bytes
- 18. The system defined in claim 11 wherein the linked list is limited to a predetermined size plus the size of one element when the one element terminates the linked list.
- 19. The system defined in claim 11 wherein the FSM terminates the linked list upon storage of a packet identified as a match to one of the signatures.
- 20. The system defined in claim 11 wherein the linked list includes a first element and a last element, each of the first and last elements being packets that match to one of the signatures.
- 21. An apparatus to perform hardware-based lossless stateful signature matching, the apparatus comprising:
a memory; a plurality of finite state machine (FSM) comparison units operating in parallel to compare packets to a plurality of signatures to identify matches, if any, between data units in the packets and the plurality of signatures, wherein each of the FSM comparison units include FSMs having a plurality of states stored in the memory and at least one transition between pairs of states, and a transition to a new state results in a non-destructive bitwise ORing operation being performed to store any previous state with the new state, and further wherein at least one FSM comparison unit has a FSM having a plurality of states with a transition between pairs of the set of states, including an idle state, wherein each state is revisited only after transitioning through the idle state.
- 22. The system defined in claim 21 wherein transitions between the plurality of states includes only one transition from any one of the plurality of states back to the idle state.
- 23. The system defined in claim 21 wherein at least one FSM comparison unit has a FSM having a plurality of states with transitions therebetween, including an idle state, wherein the at least one FSM comparison unit transitions to the idle state in response to expiration of a time period.
- 24. The system defined in claim 23 wherein the time period corresponds to a timeout function responsive to the time associated with a most recent state transition.
- 25. The system defined in claim 23 wherein the most recent state transition is other than to the idle state.
- 26. The system defined in claim 21 wherein the new state is bitwise ORed with any previous state to prevent erasure of said any previous state.
- 27. The system defined in claim 21 wherein execution of at least one state causes storage of packets in memory.
- 28. The system defined in claim 27 wherein the packets are stored as a list.
- 29. The system defined in claim 27 wherein the memory comprises a first memory and a second memory, wherein the first memory is to store packets or portions of packets that match a signature designated as temporary and the second memory is to store packets or portions of packets that match a signature designated as final.
- 30. The system defined in claim 27 wherein execution of the at least one state causes storage of the packets or portions of the packets in either memories as a linked list.
- 31. The system defined in claim 30 wherein the linked list is stored in adjacent memory locations in the memory.
- 32. The system defined in claim 30 wherein the linked list is stored in non-adjacent memory locations in the memory.
- 33. The system defined in claim 30 wherein the linked list is limited to a predetermined number of items. Once the limit is reached, additional matching packets are not added to the linked list and are lost.
- 34. The system defined in claim 33 wherein a FSM comparison unit truncates the portions of one or more packets in the linked list so that the linked list is at no greater than the predetermined size.
- 35. The system defined in claim 34 wherein the predetermined size is equal to value plus a number of bytes compared to signatures prior to a match being identified.
- 36. The system defined in claim 34 wherein the predetermined size is equal to a number of total bytes
- 37. The system defined in claim 30 wherein the linked list is limited to a predetermined size plus the size of one element when the one element terminates the linked list.
- 38. The system defined in claim 30 wherein the FSM terminates the linked list upon storage of a packet identified as a match to one of the signatures.
- 39. The system defined in claim 30 wherein the linked list includes a first element and a last element, each of the first and last elements being packets that match to one of the signatures.
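The state handling recited in the claims above (bitwise-OR state accumulation, revisiting a state only after idle, the timeout back to idle, and the bounded list with its terminating element) can be modelled in software as follows. This is an added example, not code from the patent. All names and constants are assumptions, the list is reduced to an element count, and clearing the list on the return to idle is also an assumption.

```c
#include <stdint.h>
#include <stddef.h>

#define ST_IDLE    0u    /* idle: no state bits set */
#define LIST_LIMIT 3     /* constructed value: max non-terminating list elements */
#define TIMEOUT    100u  /* constructed value: ticks since last non-idle transition */

struct fsm {
    uint32_t state;            /* accumulated state bits */
    uint32_t last_transition;  /* time of the most recent non-idle transition */
    size_t   stored;           /* elements in the captured-packet list */
    int      terminated;       /* list closed by a final-signature match */
};

/* Reset to idle; clearing the list here is an assumption of this model. */
static void fsm_idle(struct fsm *f) {
    f->state = ST_IDLE; f->last_transition = 0; f->stored = 0; f->terminated = 0;
}

/* Return to idle once the timeout since the last non-idle transition expires. */
static void fsm_tick(struct fsm *f, uint32_t now) {
    if (f->state != ST_IDLE && now - f->last_transition > TIMEOUT)
        fsm_idle(f);
}

/* Feed one packet that matched a signature leading to state_bit.
   is_final marks a signature designated final. Returns 1 if the packet is stored. */
static int fsm_match(struct fsm *f, uint32_t state_bit, int is_final, uint32_t now) {
    fsm_tick(f, now);
    if (f->terminated || (f->state & state_bit))
        return 0;              /* a state is revisited only after idle */
    f->state |= state_bit;     /* non-destructive: earlier state bits survive */
    f->last_transition = now;
    if (is_final) {            /* terminating element may exceed the limit by one */
        f->stored++; f->terminated = 1;
        return 1;
    }
    if (f->stored >= LIST_LIMIT)
        return 0;              /* limit reached: packet is not added */
    f->stored++;
    return 1;
}

int main(void) {
    struct fsm f; fsm_idle(&f);
    fsm_match(&f, 1u << 0, 0, 10);
    fsm_match(&f, 1u << 1, 0, 20);
    return f.state == 3u ? 0 : 1;  /* both state bits are retained */
}
```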
Parent Case Info
[0001] This application claims the benefit of U.S. Provisional Application No. 60/435,855 entitled “A DATA-PARALLEL PROCESSOR FOR HIGH-SPEED SIGNATURE MATCHING IN DESERIALIZED BIT STREAM,” filed Dec. 20, 2002; U.S. Provisional Application No. 60/462,118 entitled “LOSSLESS, STATEFUL, REAL-TIME PATTERN MATCHING WITH DETERMINISTIC MEMORY RESOURCES,” filed ______; and U.S. Provisional Application No. ______, entitled “LAYER-1 PACKET FILTERING,” filed Oct. 29, 2003, all of which are incorporated by reference.
Provisional Applications (2)
| Number | Date | Country |
| --- | --- | --- |
| 60435855 | Dec 2002 | US |
| 60462118 | Apr 2003 | US |