NETWORK ACCESS SECURITY FOR INTERNET OF THINGS (IoT) DEVICES
US-2017180380-A1 · Jun 22, 2017 · US
Filtering of packets for packet types at network devices
US10348684B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10348684-B2 |
| Application number | US-201615255095-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 1, 2016 |
| Priority date | Sep 1, 2016 |
| Publication date | Jul 9, 2019 |
| Grant date | Jul 9, 2019 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Examples include a network device to filter a packet for a packet type. The network device includes a filter to receive the packet and to determine whether the packet is a defined packet type. The network device also includes a Bloom filter to receive the packet from the filter based on the determination that the packet is a defined packet type and to determine whether the packet is a matched packet or an unmatched packet. A processing resource of the network device may receive the packet from the Bloom filter based on the determination that the packet is a matched packet and to determine whether the packet is an exact match.
First claim
Opening claim text (preview).
What is claimed is: 1. A network device to filter a packet for a packet type comprising: a filter to receive the packet and to determine whether the packet is a defined packet type; a Bloom filter to receive the packet from the filter based on the determination that the packet is a defined packet type and to determine whether the packet is a matched packet or an unmatched packet by comparing the packet against a list of domains comprising a blacklist of domains; and a processing resource to receive the packet from the Bloom filter based on the determination that the packet is a matched packet and to determine whether the packet is an exact match, wherein based on a determination that the packet is an exact match, the processing resource is to drop the packet and send an error message to indicate to a sender of the packet, and wherein based on a determination that the packet is an unmatched packet or based on a determination that the packet is not an exact match, the processing resource is to forward the packet to an SDN controller. 2. The network device of claim 1 , wherein the network device is an edge device, a switch, a router, or a combination thereof. 3. The network device of claim 1 , wherein the filter comprises a ternary content addressable memory (TCAM) filter, a look-up table, or hardcoded logic. 4. The network device of claim 1 , wherein the defined packet type is a domain name service (DNS) request. 5. The network device of claim 1 , wherein the Bloom filter is further to receive the list of domains from a software designed networking (SDN) controller and store the list of domains in a Bloom table. 6. The network device of claim 1 , wherein the Bloom filter is to determine whether the packet is a matched packet or an unmatched packet b comparing the packet a list of domains comprising a white list domains and wherein the Bloom filter is further to drop the packet based on the determination that the packet is an unmatched packet. 7. The network device of claim 6 , wherein the processing resource is further to, based on the determination that the packet is an exact match, forward the packet according to a normal forwarding procedure, and monitor each exact match. 8. The network device of claim 1 , wherein the Bloom filter is further to, based on the determination that the packet is an unmatched packet, forward the packet according to a normal forwarding procedure. 9. The network device of claim 1 , wherein the filter is further to forward the packet according to a normal forwarding procedure based on the determination that the packet is not a defined packet type. 10. A system filter a packet, the system comprising: a software defined networking (SDN) controller to control a list of domains and to selectively filter the packet, wherein the list of domains comprises a blacklist of domains; a network device to filter the packet for a packet type and to receive the list of domains from the SDN controller, the network device comprising: a ternary content addressable memory (TCAM) filter to receive the packet and to determine whether the packet is a defined packet type, wherein the defined packet type is a domain name service (DNS) request; a Bloom filter to receive the packet from the TCAM filter based on the determination that the packet type is a defined packet type and to compare the packet against the list of domains in a Bloom table to determine whether the packet is a matched packet or an unmatched packet; and a processing resource to receive the packet from the Bloom filter based on the determination that the packet is a matched packet and to determine whether the packet is an exact match, wherein based on a determination that the packet is an exact match, the processing resource is to drop the packet and send an error message to indicate an error to a sender of the packet, and wherein based on a determination that the packet is an unmatched packet or based on a determination that the packet is not an exact match, the packet is forwarded to the SDN controller. 11. The system of claim 10 , wherein the network device is an edge device, a switch, a router, or a combination thereof. 12. The system of claim 10 wherein the list comprises a whitelist of domains and based on the determination that the packet is an exact match, the processing resource is further to forward the packet according to a normal forwarding procedure to resolve the DNS request, and based on the determination that the packet is an unmatched packet or based on the determination that the packet is not an exact match, the packet is forwarded to the SDN controller. 13. A method of filtering a packet for a packet type at a network device, the method comprising: receiving the packet at a filter of the network device; determining, at the filter, whether the packet is a defined packet type; wherein the defined packet type is a domain name service (DNS) request; based on the determination t the packet is not a defined packet type, forwarding the packet according to a normal forwarding process; based on the determination that the packet is a defined packet type, receiving the packet at a Bloom filter of the network device from the filter; receiving, at the Bloom filter, a list of domains, wherein the list of domains comprises a blacklist of domains; determining, at the Bloom filter, whether the packet is a matched packet or an unmatched packet by comparing the packet against the list of domains; based on the determination that the packet is a matched packet, receiving the packet at a processing resource of the network device from the Bloom filter; and determining, at the processing resource, whether the packet is an exact match; based on the determination that the packet is an exact match, dropping the packet and sending an error message to indicate an error to a sender of the packet; and based on the determination that packet is an unmatched packet or a determination that the packet is not an exact match, forwarding the packet according to a normal forwarding procedure. 14. The method of claim 13 , wherein the list of domains comprises a whitelist of domains, and wherein the method further comprises: based on the determination that the packet is an unmatched packet or the determination that the packet is not an exact match, dropping the packet and sending an error message to indicate an error to a sender of the packet; and based on the determination that the packet is an exact match, forwarding the packet according to a normal forwarding procedure.
Assignees
Inventors
Classifications
Rule management · CPC title
- H04L63/0245Primary
Filtering by information in the payload · CPC title
Electricity · mapped topic
Access control lists [ACL] · CPC title
using content-addressable memories [CAM] · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10348684B2 cover?
- Examples include a network device to filter a packet for a packet type. The network device includes a filter to receive the packet and to determine whether the packet is a defined packet type. The network device also includes a Bloom filter to receive the packet from the filter based on the determination that the packet is a defined packet type and to determine whether the packet is a matched p…
- Who is the assignee on this patent?
- Hewlett Packard Entpr Dev Lp
- What technology area does this patent fall under?
- Primary CPC classification H04L63/0245. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Jul 09 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).