Supporting access control list rules that apply to TCP segments belonging to ‘established’ connection

发明授权

US09497119B2 Supporting access control list rules that apply to TCP segments belonging to ‘established’ connection 有权

标题翻译：支持适用于属于“已建立”连接的TCP段的访问控制列表规则

请登陆查看更多内容

专利标题： Supporting access control list rules that apply to TCP segments belonging to ‘established’ connection
专利标题（中）： 支持适用于属于“已建立”连接的TCP段的访问控制列表规则
申请号： US14284811

申请日： 2014-05-22
公开(公告)号： US09497119B2

公开(公告)日： 2016-11-15
发明人: Claude Basso , Joseph A. Kirscht , Natarajan Vaidhyanathan
申请人： International Business Machines Corporation
申请人地址： US NY Armonk
专利权人： INTERNATIONAL BUSINESS MACHINES CORPORATION
当前专利权人： INTERNATIONAL BUSINESS MACHINES CORPORATION
当前专利权人地址： US NY Armonk
代理机构： Patterson + Sheridan, LLP
主分类号： H04L12/743
IPC分类号： H04L12/743 ; H04L12/26 ; H04L12/801 ; H04L29/06 ; H04L12/46

Supporting access control list rules that apply to TCP segments belonging to ‘established’ connection

摘要：

Embodiments presented herein provide a TCAM-based access control list that supports disjunction operations in rules. According to one embodiment, a numeric range table is tied to the access control list. Each entry in the numeric range table includes an encode field that provides for scanning TCP flags in a TCP header of an incoming Ethernet frame. Further, each entry provides a first mask and a second mask used to test for desired set and unset TCP flags in a given frame. Each entry also provides an operation field that performs a disjunction operation that compares the first mask, the second mask, and set TCP flags in a given frame.

摘要（中）：

本文呈现的实施例提供了一种基于TCAM的访问控制列表，其支持规则中的分离操作。根据一个实施例，数字范围表被绑定到访问控制列表。数字范围表中的每个条目都包含一个编码字段，用于在进入的以太网帧的TCP报头中扫描TCP标志。此外，每个条目提供第一掩码和第二掩码，用于在给定帧中测试所需的设置和未设置TCP标志。每个条目还提供一个操作字段，该操作字段执行比较第一个掩码，第二个掩码和给定帧中的设置TCP标志的分离操作。

公开/授权文献

US20150341269A1 SUPPORTING ACCESS CONTROL LIST RULES THAT APPLY TO TCP SEGMENTS BELONGING TO 'ESTABLISHED' CONNECTION 公开/授权日：2015-11-26

信息查询

Espacenet