Pipeline network processors are designed to forward Internet Protocol (IP) packets at an extremely high data rate in excess of two million packets per second. Pipeline network processors typically have a limited number of instruction cycles and memory to perform the applicable task. Implementing features or functions that do not fit the traditional packet forwarding model is a challenging endeavor and may have a negative impact on normal packet forwarding functions such as packet filtering and quality of service processing.
One of the seldom used features in a pipeline network processor is a wiretap or packet intercept function. Packet intercept provides support for a basic wiretap facility for voice over IP (VoIP) calls that is required by the United States Federal Communications Assistance for Law Enforcement Act. The wiretap facility is based on the Media Access Control (MAC) address of the customer premises equipment end user device. In a an environment that does not use a pipeline network processor, the source MAC address in the received packet is used to compare against the configured intercept MAC address list. For a packet being sent to a port, the packet's destination MAC address is used to compare against the configured intercept MAC address list. When a matching MAC address is found, a copy of the packet is encapsulated into a User Datagram Protocol (UDP) packet which is sent to a specified server at a given IP and port address.
Intercepting packets received from a port is a relatively simple operation in systems that use a central processing engine and not a pipeline network processor. The received packet contains the source MAC address needed for the comparison. However, processing of a received packet in a pipeline network processor is not necessarily a simple operation due to the limited instruction cycle available. Moreover, intercepting packets sent to a port is extremely difficult in a pipeline network processor. The destination MAC address for the comparison is not in the packet but rather in the outbound Layer 2 encapsulation. The packet's payload is appended to the outbound Layer 2 encapsulation just prior to being forwarded to the network media. At this point, it is too late to perform additional processing in the pipeline network processor for MAC address comparisons. Without major restructuring of the packet forwarding path, interception cannot be accomplished in a pipeline network processor. Therefore, it is desirable to perform packet intercept processing in a pipeline network processor without requiring major restructuring of the packet forwarding path.