Method and device for intrusion detection in a computer network

What is claimed is: 1. A method for intrusion detection in a computer network, comprising the following steps: receiving a data packet at an input of a hardware switch that includes a plurality of ports to which a plurality of devices are network interconnectable by processing circuitry of the hardware switch, wherein the data packet includes a plurality of fields providing respective data link layer information and providing a hardware address; selecting, by the processing circuitry of the hardware switch, one of the plurality of ports via which to output from the hardware switch the data packet or a copy of the data packet as a function of the data link layer information and the hardware address; for each of the plurality of fields, comparing, by the processing circuitry of the hardware switch, a respective actual value of the respective field to a respective corresponding predefined setpoint value; and detecting, by the processing circuitry, whether there is an intrusion pattern in a network traffic in the computer network in response to satisfaction of a predefined condition that, for any individual one of the comparisons individually, a result of the respective comparison is that there is a predefined deviation of the respective actual value from the respective corresponding predefined setpoint value. 2. The method as recited in claim 1 , wherein the hardware switch includes a Ternary Content Addressable Memory in which a mask for one of the setpoint values is stored, and wherein one of the comparisons is a comparison of one of the actual values with the mask stored in the Ternary Content Addressable Memory. 3. The method as recited in claim 1 , wherein one of the setpoint values characterizes a hardware address from a memory of the hardware switch, and wherein the respective actual value that is compared to the hardware address characterizing setpoint value is determined by the processing circuitry from a hardware address field of the data packet. 4. The method as recited in claim 1 , wherein one of the setpoint values characterizes a Medium Access Control address from a memory of the hardware switch, and wherein the respective actual value that is compared to the hardware address characterizing setpoint value is determined by the processing circuitry from a Medium Access Control address field of the data packet. 5. The method as recited in claim 1 , wherein one of the setpoint values characterizes a Virtual Local Area Network and is determined by the processing circuitry from a memory of the hardware switch, and wherein the respective actual value that is compared to the setpoint value characterizing the Virtual Local Area Network characterizes an association of the data packet with the Virtual Local Area Network. 6. The method as recited in claim 1 , wherein a result of one of the performed comparisons produces a result that indicates, as the deviation, presence of a tagged Virtual Logical Area Network data packet when the computer network is an untagged Virtual Logical Area Network, or presence of an untagged Virtual Logical Area Network data packet when the computer network is a tagged Virtual Logical Area Network. 7. The method as recited in claim 1 , wherein a result of one of the performed comparisons produces a result that indicates, as the deviation, presence in the data packet of an unknown Ethernet type, or a false checksum, or a false packet length, or a false packet structure. 8. The method as recited in claim 1 , wherein presence of the deviation is detected when: (i) the processing circuitry establishes that the data packet is a Dynamic Host Configuration Protocol packet for Internet Protocol Version 4 and/or for Internet Protocol Version 6 including Dynamic Host Configuration Protocol port 67 and/or port 68; or (ii) the processing circuitry establishes that the data packet provides a Transmission Control Protocol or User Datagram Protocol Broadcast message for Internet Protocol Version 4 and/or for Internet Protocol Version 6; or (iii) the processing circuitry establishes a Precision Time Protocol message, the content of which, including time stamp, sequence number, and correction field, is stored at least temporarily in a register for context information. 9. The method as recited in claim 1 , wherein for each of at least one of the comparisons, the respective predefined deviation whose presence is determined is a predefined threshold amount of deviation. 10. A device for intrusion detection in a computer network, the device comprising: a system on a chip system, which includes a hardware switch, the hardware switch including processing circuitry and a plurality of ports to which a plurality of devices are network interconnectable by the processing circuitry of the hardware switch, wherein: in response to receipt, at an input of the hardware switch, of a data packet that includes a plurality of fields providing respective data link layer information and providing a hardware address, the processing circuitry is configured to select one of the plurality of ports via which to output from the hardware switch the data packet or a copy of the data packet as a function of the data link layer information and the hardware address; for each of the plurality of fields, the processing circuitry is configured to compare a respective actual value of the respective field to a respective corresponding predefined setpoint value; and the processing circuitry is configured to detect whether there is an intrusion pattern in a network traffic in the computer network in response to satisfaction of a predefined condition that, for any individual one of the comparisons individually, a result of the respective comparison is that there is a predefined deviation of the respective actual value from the respective corresponding predefined setpoint value. 11. The device as recited in claim 10 , wherein the hardware switch includes a Ternary Content Addressable Memory, and/or an Address Translation Unit, and/or a Virtual Local Area Network Translation Unit, and/or a Dynamic Host Configuration Protocol filter, and/or a Transmission Control Protocol or User Datagram Protocol filter, and/or a Precision Time Protocol filter with which the processing circuitry is configured to check the data packet for the intrusion detection. 12. A non-transitory computer-readable memory medium on which is stored a computer program that is executable by a computer of a hardware switch, the hardware switch including a plurality if ports to which a plurality of devices are network interconnectable by the computer of the hardware switch, the computer program, when executed by the computer, causing the computer to perform a method for intrusion detection in a computer network, the method comprising the following steps: in response to receipt, at an input of the hardware switch, of a data packet that includes a plurality of fields providing respective data link layer information and providing a hardware address, selecting one of the plurality of ports via which to output from the hardware switch the data packet or a copy of the data packet as a function of the data link layer information and the hardware address; for each of the plurality of fields, comparing a respective actual value of the respective field to a respective corresponding predefined setpoint value; and detecting whether there is an intrusion pattern in a network traffic in the computer network in response to satisfaction of a predefined condition that, for any individual one of the comparisons individually, a result of the respective comparison is that there is a predefined deviation of the respective actual value from the respective corresponding