Invention Grant
US09497119B2 Supporting access control list rules that apply to TCP segments belonging to ‘established’ connection
有权
支持适用于属于“已建立”连接的TCP段的访问控制列表规则
- Patent Title: Supporting access control list rules that apply to TCP segments belonging to ‘established’ connection
- Patent Title (中): 支持适用于属于“已建立”连接的TCP段的访问控制列表规则
-
Application No.: US14284811Application Date: 2014-05-22
-
Publication No.: US09497119B2Publication Date: 2016-11-15
- Inventor: Claude Basso , Joseph A. Kirscht , Natarajan Vaidhyanathan
- Applicant: International Business Machines Corporation
- Applicant Address: US NY Armonk
- Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
- Current Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
- Current Assignee Address: US NY Armonk
- Agency: Patterson + Sheridan, LLP
- Main IPC: H04L12/743
- IPC: H04L12/743 ; H04L12/26 ; H04L12/801 ; H04L29/06 ; H04L12/46
Abstract:
Embodiments presented herein provide a TCAM-based access control list that supports disjunction operations in rules. According to one embodiment, a numeric range table is tied to the access control list. Each entry in the numeric range table includes an encode field that provides for scanning TCP flags in a TCP header of an incoming Ethernet frame. Further, each entry provides a first mask and a second mask used to test for desired set and unset TCP flags in a given frame. Each entry also provides an operation field that performs a disjunction operation that compares the first mask, the second mask, and set TCP flags in a given frame.
Public/Granted literature
- US20150341269A1 SUPPORTING ACCESS CONTROL LIST RULES THAT APPLY TO TCP SEGMENTS BELONGING TO 'ESTABLISHED' CONNECTION Public/Granted day:2015-11-26
Information query
