Network data packet classification and demultiplexing

Related Patent Categories: Multiplex Communications, Network Configuration Determination

The Patent Description & Claims data below is from USPTO Patent Application 20070195714, Network data packet classification and demultiplexing.

FIELD OF THE INVENTION

[0001] The present invention is directed to the field of packet communication. It is more particularly directed to classification and demultiplexing of network communication packets processed in a network protocol stack.

BACKGROUND OF THE INVENTION

[0002] Communication over a network often requires the information that is to be transported from one computer to another be divided into network communication packets. These network communication packets, simply referred to as "packets", are transported across the physical communication network.

[0003] The information originating from an application program becomes packetized into network communication packets by passing through various software components before arriving at the network interface card for transmission on the physical communications network. These software components are typically layered to form what is known as the network protocol stack. Each layer is responsible for a different facet of communication. For example, the TCP/IP protocol stack is normally split into four layers: link, network, transport and application. FIG. 1 shows the relationship between the protocol layers and the TCP/IP protocol stack. The link layer 101 is responsible for placing data on the physical network. The network layer 102 is responsible for routing. The transport layer 103 is responsible for the communication between two hosts. The application layer 104 is responsible for processing the application specific data.

[0004] For example, FIG.
2 illustrates the stages of an HTTP request being encapsulated before being sent to a web server. As the request descends the protocol stack, each layer 201-204 encapsulates the packet adding its own header. When the HTTP packet arrives at the destination address, each protocol layer uses information within its header to classify the incoming packet amongst all the protocols in the layer above it. This process is commonly referred to as demultiplexing.

[0005] At each layer in the network protocol stack, the packet is demultiplexed or "classified" based on information about the packet that is contained in the headers or from information inside the data portion of the packet itself. The packet is processed differently based on its classification.

[0006] For example, FIG. 3 illustrates how this classification is done for an incoming HTTP request 301. The Ethernet driver 302, in the link layer 300, classifies the packet based on frame type in the Ethernet header and passes it to IPv4 312 in the network layer 310. IPv4 312 classifies the packet based on the IP header protocol value in the IP header and passes it to TCP 323 in the transport layer 320. TCP classifies the packet based on the destination port number in the TCP header and passes it to the HTTP server 332 in the application layer 330.

[0007] Traditional packet classification systems, as found in BPF, DPF, Pathfinder, Router Plugins, operating systems and many firewalls, are limited to a set of fixed pattern matching rules. This allows a user to intercept/process any packet that matches the desired set of values in the appropriate byte ranges (usually a combination of the IP and the protocol header fields, such as source/destination address, protocol or source/destination ports). These packets are then passed to a software module that processes the packets and can modify, forward, drop or delay them.
Stateful packet filtering systems generally have the ability to generate and add rules dynamically based on application traffic. However, such systems do not provide simple methods to extend packet processing to understand new application protocols.

[0008] These traditional systems may work well for applications that use a single connection to a well known destination address and port. However, many modern applications initially use a well known service port for the control session and then use additional connections on ephemeral port numbers for each data stream. Examples of such applications are FTP, Real Audio and H.323. To support these applications efficiently, the traditional systems must allow packet matching filter rules to be updated dynamically and quickly. In addition, some modern protocols have abandoned using fixed format headers and fixed sized fields. For example, HTTP makes its header human readable by encoding them as strings.

SUMMARY OF THE INVENTION

[0009] It is thus an aspect of the present invention to provide greater flexibility in classifying and demultiplexing packets in the network protocol stack. As a result, it provides a method for application level classification. This is due to classifying techniques and a modular structure described subsequently.

[0010] Another aspect of the present invention provides easier extendibility for packet processing in the network protocol stack by defining a standard method for adding new functionality or support for new protocols and applications.

[0011] Another aspect of the present invention provides methods and apparatus to obtain external information, from an application scheduled outside of the forwarding or interrupt context of the kernel, in order to augment packet classification and/or disposition.

[0012] An example embodiment of the present invention is a method for classifying a data packet.
The method includes the steps of: receiving the packet at a root node of a classification tree; passing the packet to a first child node of a first tree level of the classification tree indicating a satisfaction of a node-criteria of the first child node; the first child node forming the data packet into a matched packet; and repeating the step of passing and forming for a next tree level until no first child node of the next level at a succeeding next level indicates satisfaction of the node-criteria of the first child node of the next level.

[0013] In some embodiments the step of indicating includes the step of executing a set of code which returns a status indication of the type; and/or the step of indicating satisfaction of a criteria includes the steps of executing a set of code which identifies the desired packet and returning a status indication; and/or the step of forming the data packet into a matched packet includes the step of indicating satisfaction; and/or the step of repeating the step of passing and the step forming includes the steps of indicating and returning a status indication of NO_Match.

[0014] In some embodiments of the method, the method further includes: the step of adding at least one new child node; and/or one new child node is a Real Audio node; and/or the method is extendible such that one or more nodes are dynamically added at any level; parsing the matched packet and generating relevant information; transforming the matched packet into a transformed packet; and/or associating the packet at a last first child node indicating satisfaction; executing a set of code in accordance with the last first child node; and/or the step of forming includes the first child node specifying a set of code to be run subsequently; and/or the step specifying specifies the set of code to be run following classification.

[0015] Another example embodiment of the present invention is a method which uses an external process for classifying a packet.
This method includes the steps of suspending a classification process in progress for the packet, and obtaining external information employed in the classifying. This is performed by an application scheduled outside of the forwarding or interrupt context of the kernel.

[0016] In some embodiments of the method, the step of suspending includes the steps of queuing any data, including information about the packet or its present classification; and/or transferring said data to an application that is scheduled outside of the forwarding or interrupt context of the kernel.

[0017] In some embodiments of the method, the step of obtaining external information includes augmenting a node-criteria of a node in a classification tree with additional information; and/or the external information includes authentication of an originator of the packet; the classification process is an extendible classifier process (In one application, a process is extendible by adding a new child node); and/or the step of specifying includes enforcement of a site policy. A site policy is composed of a number of different aspects including security. The security aspect of a site policy may be based on packet classification and authentication information.

[0018] Another aspect of the present invention is a method for determining disposition of an original packet received at a child node. The method includes the step of passing the original packet and a first disposition of the original packet to an external process, and the external process augmenting the original packet and/or augmenting the first disposition by employing a process specific means and returning an augmented packet and an augmented disposition to the child node. Some embodiments of the method include suspending a disposition process in progress for the original packet; and/or the augmented disposition includes identification of and/or authentication of an originator of said packet.

BRIEF DESCRIPTION OF THE DRAWINGS

[0019] These and other aspects, features, and advantages of the present invention will become apparent upon further consideration of the following detailed description of the invention when read in conjunction with the drawing figures, in which:

[0020] FIG. 1 shows the relationship between the protocol layers and the TCP/IP protocol stack;
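
The FIG. 3 walk-through in [0006] and the classification-tree method of [0012]-[0014], sketched as an added example that is not code from the patent application: each node carries criteria code returning MATCH or NO_Match, the packet descends to the first satisfied child at each level, and an HTTP node that inspects the textual request line is attached at run time. The `Node` class, the function names and the sample frame are assumptions constructed for illustration.

```python
import struct
MATCH, NO_MATCH = "MATCH", "NO_Match"  # status indications returned by node code

class Node:  # hypothetical node type: criteria code plus ordered children
    def __init__(self, name, criteria=None):
        self.name, self.criteria, self.children = name, criteria, []
    def add_child(self, node):  # nodes may be attached at any level, at run time
        self.children.append(node)
        return node

def classify(root, packet):
    path, node, offset = [root.name], root, 0
    while True:
        for child in node.children:
            status, nxt = child.criteria(packet, offset)
            if status == MATCH:  # first satisfied child takes the packet
                path.append(child.name)
                node, offset = child, nxt
                break
        else:  # every child answered NO_Match, or there were none
            return path

# Criteria get the offset of the enclosing header and return where their own data starts.
def is_ipv4(pkt, off):  # Ethernet frame type 0x0800
    ok = len(pkt) >= off + 14 and pkt[off + 12:off + 14] == b"\x08\x00"
    return (MATCH, off + 14) if ok else (NO_MATCH, off)
def is_tcp(pkt, off):  # IPv4 header protocol value 6
    ok = len(pkt) >= off + 20 and pkt[off] >> 4 == 4 and pkt[off + 9] == 6
    return (MATCH, off + (pkt[off] & 0x0F) * 4) if ok else (NO_MATCH, off)

def is_http(pkt, off):  # TCP destination port 80 plus a textual request line
    if len(pkt) < off + 20 or struct.unpack_from("!H", pkt, off + 2)[0] != 80:
        return NO_MATCH, off
    data = off + (pkt[off + 12] >> 4) * 4
    ok = pkt.startswith((b"GET ", b"HEAD ", b"POST "), data)
    return (MATCH, data) if ok else (NO_MATCH, off)

def sample_frame(dport=80, payload=b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"):
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"  # constructed frame, checksums left 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHLLBBHHH", 49152, dport, 0, 0, 0x50, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

def demo():
    root = Node("root")
    tcp = root.add_child(Node("IPv4", is_ipv4)).add_child(Node("TCP", is_tcp))
    before = classify(root, sample_frame())  # no application-level node yet
    tcp.add_child(Node("HTTP", is_http))     # tree extended at run time
    return before, classify(root, sample_frame()), classify(root, sample_frame(8080))
```

Because the HTTP criteria checks payload content as well as the port, a non-HTTP stream sent to port 80 stops at the TCP node instead of being handed to the HTTP handler.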