-
公开(公告)号:US10002326B2
公开(公告)日:2018-06-19
申请号:US14252293
申请日:2014-04-14
申请人: Cavium, Inc.
CPC分类号: G06N5/047 , G06N5/00 , H04L63/1408
摘要: At least one per-pattern non-deterministic finite automaton (NFA) may be generated for a single regular expression pattern and may include a respective set of nodes. Nodes of the respective set of nodes of each per-pattern NFA generated may be distributed for storing in a plurality of memories based on hierarchical levels mapped to the plurality of memories and per-pattern NFA storage allocation settings configured for the hierarchical levels, optimizing run time performance for matching regular expression patterns in an input stream.
-
公开(公告)号:US09823895B2
公开(公告)日:2017-11-21
申请号:US14252354
申请日:2014-04-14
申请人: Cavium, Inc.
发明人: Rajan Goyal , Satyanarayana Lakshmipathi Billa , Yossef Shanava , Timothy Toshio Nakada , Abhishek Dikshit
CPC分类号: G06F5/14 , G06F9/3885 , G06F13/28 , G06F17/30985 , G06F21/567 , G06F2205/126 , G06F2213/2806 , H04L41/28 , H04L63/1408
摘要: Matching at least one regular expression pattern in an input stream may be optimized by initializing a search context in a run stack based on (i) partial match results determined from walking segments of a payload of a flow through a first finite automation and (ii) a historical search context associated with the flow. The search context may be modified via push or pop operations to direct at least one processor to walk segments of the payload through the at least one second finite automation. The search context may be maintained in a manner that obviates overflow of the search context and obviating stalling of the push or pop operations to increase match performance.
-
公开(公告)号:US09762544B2
公开(公告)日:2017-09-12
申请号:US14863484
申请日:2015-09-24
申请人: Cavium, Inc.
CPC分类号: H04L63/0254 , G06F17/30958 , H04L63/0245 , H04L63/1408 , H04L63/1416
摘要: In a processor of a security appliance, an input of a sequence of characters is walked through a finite automata graph generated for at least one given pattern. At a marked node of the finite automata graph, if a specific type of the at least one given pattern is matched at the marked node, the input sequence of characters is processed through a reverse non-deterministic finite automata (rNFA) graph generated for the specific type of the at least one given pattern by walking the input sequence of characters backwards through the rNFA beginning from an offset of the input sequence of characters associated with the marked node. Generating the rNFA for a given pattern includes inserting processing nodes for processing an input sequence of patterns to determine a match for the given pattern. In addition, the rNFA is generated from the given type of pattern.
-
公开(公告)号:US20170024159A1
公开(公告)日:2017-01-26
申请号:US15192214
申请日:2016-06-24
申请人: Cavium, Inc.
IPC分类号: G06F3/06 , G06F12/0897 , G06F12/14 , G06F12/084
CPC分类号: G06F3/0622 , G06F3/0637 , G06F3/0644 , G06F3/0664 , G06F3/0683 , G06F9/455 , G06F9/45558 , G06F9/5077 , G06F12/0653 , G06F12/084 , G06F12/0897 , G06F12/14 , G06F12/1458 , G06F2009/45583 , G06F2212/1008 , G06F2212/152 , G06F2212/62
摘要: A virtual system on chip (VSoC) is an implementation of a machine that allows for sharing of underlying physical machine resources between different virtual systems. A method or corresponding apparatus of the present invention relates to a device that includes a plurality of virtual systems on chip and a configuring unit. The configuring unit is arranged to configure resources on the device for the plurality of virtual systems on chip as a function of an identification tag assigned to each virtual system on chip.
摘要翻译: 虚拟片上系统(VSoC)是允许在不同虚拟系统之间共享底层物理机器资源的机器的实现。 本发明的方法或对应的装置涉及一种包括多个芯片上的虚拟系统和配置单元的设备。 配置单元被配置为根据分配给芯片上的每个虚拟系统的识别标签来配置芯片上的多个虚拟系统的设备上的资源。
-
公开(公告)号:US09419943B2
公开(公告)日:2016-08-16
申请号:US14143586
申请日:2013-12-30
申请人: Cavium, Inc.
CPC分类号: H04L63/0227 , G06F21/564 , G06N5/04
摘要: A method, and corresponding apparatus and system are provided for optimizing matching at least one regular expression pattern in an input stream by walking at least one finite automaton in a speculative manner. The speculative manner may include walking at least two nodes of a given finite automaton, of the at least one finite automaton, in parallel, with a segment, at a given offset within a payload of a packet in the input stream. The walking may include determining a match result for the segment, at the given offset within the payload, at each node of the at least two nodes. The walking may further include determining at least one subsequent action for walking the given finite automaton, based on an aggregation of each match result determined.
摘要翻译: 提供了一种方法和相应的装置和系统,用于通过以推测方式步行至少一个有限自动机来优化匹配输入流中的至少一个正则表达式模式。 推测性方式可以包括在输入流中的分组的有效载荷内的给定偏移处与所述段并行地行进所述至少一个有限自动机的给定有限自动机的至少两个节点。 步行可以包括在至少两个节点的每个节点处确定在有效载荷内的给定偏移处的段的匹配结果。 步行可以进一步包括基于确定的每个匹配结果的聚合来确定用于步行给定有限自动机的至少一个后续动作。
-
公开(公告)号:US20150288700A1
公开(公告)日:2015-10-08
申请号:US14583968
申请日:2014-12-29
申请人: Cavium, Inc.
发明人: Gregg A. Bouchard , Rajan Goyal
IPC分类号: H04L29/06
CPC分类号: H04L63/101 , H04L45/60 , H04L45/742 , H04L45/7457 , H04L47/2441 , H04L63/0227 , H04L63/08 , H04L63/102 , H04L67/327 , H04L69/22
摘要: A packet processor provides for rule matching of packets in a network architecture. The packet processor includes a lookup cluster complex having a number of lookup engines and respective on-chip memory units. The on-chip memory stores rules for matching against packet data. Each of the lookup engines receives a key request associated with a packet and determines a subset of the rules to match against the packet data. Based on a prefetch status, a selection of the subset of rules are retrieved for rule matching. As a result of the rule matching, the lookup engine returns a response message indicating whether a match is found.
摘要翻译: 分组处理器提供网络架构中分组的规则匹配。 分组处理器包括具有多个查找引擎和相应的片上存储器单元的查找集群复合体。 片上存储器存储与分组数据匹配的规则。 每个查找引擎接收与分组相关联的密钥请求,并确定规则的子集以与分组数据匹配。 基于预取状态,检索规则子集的选择用于规则匹配。 作为规则匹配的结果,查找引擎返回指示是否找到匹配的响应消息。
-
公开(公告)号:US20150189046A1
公开(公告)日:2015-07-02
申请号:US14145918
申请日:2013-12-31
申请人: CAVIUM, INC.
IPC分类号: H04L29/06
CPC分类号: H04L69/22 , H04L47/2441
摘要: A multi-rule approach for encoding rules grouped in a rule chunk is provided. The approach includes a multi-rule with a multi-rule header representing headers of the rules and, in some cases, dimensional data representing dimensional data of the rules. The approach further includes disabling dimension matching of always matching dimensions, responding to an always match rule with a match response without matching, interleaving minimum/maximum values in a range field, interleaving value/mask values in a mask field, and for a given rule of rule chunk, encoding a priority field at the end of dimension data stored for the rule in the multi-rule. Advantageously, this approach provides efficient storage of rules and enables the efficient comparison of rules to keys.
摘要翻译: 提供了一种用于编码分组在规则块中的规则的多规则方法。 该方法包括具有表示规则的头部的多规则标题的多规则,在某些情况下,表示规则的维度数据的维度数据。 该方法还包括禁用总是匹配的维度的维度匹配,响应于具有匹配响应的总是匹配规则而不匹配,交织范围字段中的最小/最大值,交织掩码字段中的值/掩码值以及给定规则 的规则块,编码在多规则中为规则存储的维度数据的末尾的优先级字段。 有利地,这种方法提供了规则的有效存储并使得能够有效地将规则与密钥进行比较。
-
公开(公告)号:US20150067863A1
公开(公告)日:2015-03-05
申请号:US14015929
申请日:2013-08-30
申请人: Cavium, Inc.
IPC分类号: H04L29/06
CPC分类号: H04L63/1408 , H04L63/0245
摘要: A method and corresponding apparatus for run time processing use a Deterministic Finite Automata (DFA) and Non-Deterministic Finite Automata (NFA) to find the existence of a pattern in a payload. A subpattern may be selected from each pattern in a set of one or more regular expression patterns based on at least one heuristic. The DFA may be generated from selected subpatterns from all patterns in the set, and at least one NFA may be generated for at least one pattern in the set, optimizing run time performance of the run time processing.
摘要翻译: 用于运行时间处理的方法和相应装置使用确定性有限自动机(DFA)和非确定性有限自动机(NFA)来查找有效载荷中的模式的存在。 基于至少一个启发式,可以从一个或多个正则表达式模式的集合中的每个模式中选择子模式。 可以从集合中的所有模式的所选子模式生成DFA,并且可以为集合中的至少一个模式生成至少一个NFA,优化运行时处理的运行时间性能。
-
公开(公告)号:US20150067776A1
公开(公告)日:2015-03-05
申请号:US14015248
申请日:2013-08-30
申请人: Cavium, Inc.
IPC分类号: H04L29/06
CPC分类号: H04L63/1408 , H04L63/0245
摘要: A method and corresponding apparatus are provided implementing run time processing using Deterministic Finite Automata (DFA) and Non-Deterministic Finite Automata (NFA) to find the existence of a pattern in a payload. A subpattern may be selected from each pattern in a set of one or more regular expression patterns based on at least one heuristic and a unified deterministic finite automata (DFA) may be generated using the subpatterns selected from all patterns in the set, and at least one non-deterministic finite automata (NFA) may be generated for at least one pattern in the set, optimizing run time performance of the run time processing.
摘要翻译: 提供了一种方法和相应的装置,其使用确定性有限自动机(DFA)和非确定性有限自动机(NFA)实现运行时处理,以找出有效载荷中的模式的存在。 可以基于至少一个启发式的一个或多个正则表达式模式的集合中的每个模式中的每个模式中选择子模式,并且可以使用从集合中的所有模式中选择的子模式来生成统一的确定性有限自动机(DFA),并且至少 可以为集合中的至少一个模式生成一个非确定性有限自动机(NFA),优化运行时处理的运行时间性能。
-
公开(公告)号:US20150067200A1
公开(公告)日:2015-03-05
申请号:US14252354
申请日:2014-04-14
申请人: Cavium, Inc.
发明人: Rajan Goyal , Satyanarayana Lakshmipathi Billa , Yossef Shanava , Timothy Toshio Nakada , Abhishek Dikshit
CPC分类号: G06F5/14 , G06F9/3885 , G06F13/28 , G06F17/30985 , G06F21/567 , G06F2205/126 , G06F2213/2806 , H04L41/28 , H04L63/1408
摘要: Matching at least one regular expression pattern in an input stream may be optimized by initializing a search context in a run stack based on (i) partial match results determined from walking segments of a payload of a flow through a first finite automation and (ii) a historical search context associated with the flow. The search context may be modified via push or pop operations to direct at least one processor to walk segments of the payload through the at least one second finite automation. The search context may be maintained in a manner that obviates overflow of the search context and obviating stalling of the push or pop operations to increase match performance.
摘要翻译: 可以通过基于(i)通过第一有限自动化的流的有效载荷的步行段确定的部分匹配结果来初始化运行堆栈中的搜索上下文来优化输入流中的至少一个正则表达式模式,以及(ii) 与流相关联的历史搜索上下文。 搜索上下文可以通过推送或弹出操作进行修改,以引导至少一个处理器通过至少一个第二有限自动化来移动有效载荷的段。 可以以避免搜索上下文溢出的方式来维护搜索上下文,并且避免推送或弹出操作的停止以增加匹配性能。
-
-
-
-
-
-
-
-
-
搜索结果
104 条记录 (耗时 0.038 秒)
