Abstract:
A method and corresponding apparatus for run time processing use a Deterministic Finite Automata (DFA) and Non-Deterministic Finite Automata (NFA) to find the existence of a pattern in a payload. A subpattern may be selected from each pattern in a set of one or more regular expression patterns based on at least one heuristic. The DFA may be generated from selected subpatterns from all patterns in the set, and at least one NFA may be generated for at least one pattern in the set, optimizing run time performance of the run time processing.
Abstract:
A method and corresponding apparatus are provided implementing run time processing using Deterministic Finite Automata (DFA) and Non-Deterministic Finite Automata (NFA) to find the existence of a pattern in a payload. A subpattern may be selected from each pattern in a set of one or more regular expression patterns based on at least one heuristic and a unified deterministic finite automata (DFA) may be generated using the subpatterns selected from all patterns in the set, and at least one non-deterministic finite automata (NFA) may be generated for at least one pattern in the set, optimizing run time performance of the run time processing.
Abstract:
A virtual system on chip (VSoC) is an implementation of a machine that allows for sharing of underlying physical machine resources between different virtual systems. A method or corresponding apparatus of the present invention relates to a device that includes a plurality of virtual systems on chip and a configuring unit. The configuring unit is arranged to configure resources on the device for the plurality of virtual systems on chip as a function of an identification tag assigned to each virtual system on chip.
Abstract:
A method and apparatus relate to recognizing anchored patterns from an input stream. Patterns from a plurality of given patterns are marked as anchored patterns. An anchored state tree for the anchored patterns of the plurality of given patterns is built, including nodes representing a state of the anchored state tree. For each node of the anchored state tree, a failure value equivalent to a node representing a state in an unanchored state tree representing unanchored patterns of the plurality of given patterns is determined.
Abstract:
In a processor of a security appliance, an input of a sequence of characters is walked through a finite automata graph generated for at least one given pattern. At a marked node of the finite automata graph, if a specific type of the at least one given pattern is matched at the marked node, the input sequence of characters is processed through a reverse non-deterministic finite automata (rNFA) graph generated for the specific type of the at least one given pattern by walking the input sequence of characters backwards through the rNFA beginning from an offset of the input sequence of characters associated with the marked node. Generating the rNFA for a given pattern includes inserting processing nodes for processing an input sequence of patterns to determine a match for the given pattern. In addition, the rNFA is generated from the given type of pattern.
Abstract:
A packet processor provides for rule matching of packets in a network architecture. The packet processor includes a lookup cluster complex having a number of lookup engines and respective on-chip memory units. The on-chip memory stores rules for matching against packet data. Each of the lookup engines receives a key request associated with a packet and determines a subset of the rules to match against the packet data. As a result of the rule matching, the lookup engine returns a response message indicating whether a match is found.
Abstract:
A root node of a decision tree data structure may cover all values of a search space used for packet classification. The search space may include a plurality of rules, the plurality of rules having at least one field. The decision tree data structure may include a plurality of nodes, the plurality of nodes including a subset of the plurality of rules. Scope in the decision tree data structure may be based on comparing a portion of the search space covered by a node to a portion of the search space covered by the node's rules. Scope in the decision tree data structure may be used to identify whether or not a compilation operation may be unproductive. By identifying an unproductive compilation operation it may be avoided, thereby improving compiler efficiency as the unproductive compilation operation may be time-consuming.
Abstract:
A method, and corresponding apparatus and system, are provided for optimizing matching of at least one regular expression pattern in an input stream by walking at least one finite automaton in a speculative manner. The speculative manner may include walking at least two nodes of a given finite automaton, of the at least one finite automaton, in parallel, with a segment, at a given offset within a payload of a packet in the input stream. The walking may include determining a match result for the segment, at the given offset within the payload, at each node of the at least two nodes. The walking may further include determining at least one subsequent action for walking the given finite automaton, based on an aggregation of each match result determined.
Abstract:
A method and corresponding system for providing a skip group rule feature is disclosed. When a search for a key matches a skip group rule in a group of prioritized rules, the search skips over rules having priorities lower than the skip group rule and the search continues to a next group. A convenient example of a compiler rewrites the lower priority rules by subtracting the skip group rule from them. The subtraction includes subtracting range, exact-match, mask, and prefix fields. The rewritten rules appear to a search processor as typical rules. Beneficially, the search processor requires no additional logic to process a skip group rule, skip over lower priority rules, and go on to search a next group of rules. Advantageously, this approach enables any number of skip group rules to be defined allowing for better classification of network data.
Abstract:
A packet processor provides for rule matching of packets in a network architecture. The packet processor includes a lookup cluster complex having a number of lookup engines and respective on-chip memory units. The on-chip memory stores rules for matching against packet data. A lookup front-end receives lookup requests from a host, and processes these lookup requests to generate key requests for forwarding to the lookup engines. As a result of the rule matching, the lookup engine returns a response message indicating whether a match is found. The lookup front-end further processes the response message and provides a corresponding response to the host.