1. Field of Invention
The invention relates in general to the field of software matching. More specifically, embodiments of the invention relate to methods and systems for managing network traffic in a network device based on matching criteria.
2. Description of the Background Art
Network devices are typically used to manage network traffic in a network. Each network device has an Access Control List (ACL) that determines which packets can traverse the network device. An incoming packet is allowed to traverse the network device if the objects associated with the packet conform to the rules of the ACL of the network device. The objects associated with a Transmission Control Protocol (TCP) packet may be, for example, TCP flags, destination ports, and source ports.
The ACLs support matching criteria based on ‘OR’ing of objects associated with a packet in the network traffic. More specifically, the ACLs support matching on a combination of packet flags associated with the objects, and this matching translates to an ‘OR’ condition: an incoming packet is transmitted if any packet flag that is set in the incoming packet is also among the packet flags specified in the ACL. This creates a potential security loophole for a packet having all packet flags set, because at least one of its flags will match whatever flag is specified in the ACL, so such a packet satisfies every flag-based rule. Further, the known ACLs do not support matching based on packet flags that are not set, so a rule cannot require that a given flag be clear.
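The following is an added illustration of the two matching semantics discussed above; it is not part of the original specification and does not describe any particular vendor's ACL implementation. The flag bit values are the real bit positions of the TCP header flags byte. The "legacy" matcher implements the ‘OR’ condition of the background art, and the mask/value matcher is an assumed alternative (a common way to express "flag set" and "flag not set" in one rule) used only to show the contrast. The packets and rule sets are constructed for the example.

```python
# TCP flag bits as they appear in the flags byte of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
ALL_FLAGS = FIN | SYN | RST | PSH | ACK | URG


def match_any(packet_flags: int, rule_flags: int) -> bool:
    """Background-art semantics: the rule matches if ANY flag named in the
    rule is set in the packet (an OR over the flag bits)."""
    return (packet_flags & rule_flags) != 0


def match_mask(packet_flags: int, mask: int, value: int) -> bool:
    """Assumed mask/value semantics (not from the specification): only the
    bits selected by `mask` are examined and they must equal `value`, so a
    rule can require a flag to be clear as well as set."""
    return (packet_flags & mask) == value


def evaluate_acl(rules, packet_flags: int, default: str = "deny") -> str:
    """First-match ACL evaluation. Each rule is (action, predicate) where the
    predicate takes the packet's flags byte and returns True on a match."""
    for action, predicate in rules:
        if predicate(packet_flags):
            return action
    return default


# A legacy ACL that intends to permit only connection-opening packets, written
# with the OR semantics: "permit if the SYN flag matches".
LEGACY_ACL = [
    ("permit", lambda f: match_any(f, SYN)),
]

# The same intent written with mask/value matching: SYN must be set AND ACK
# must be clear; the other four flags are not examined.
MASKED_ACL = [
    ("permit", lambda f: match_mask(f, SYN | ACK, SYN)),
]

# Constructed sample packets; only the flags byte matters for this example.
PACKETS = {
    "syn_only": SYN,
    "syn_ack": SYN | ACK,
    "all_flags": ALL_FLAGS,  # every flag set: the loophole case from the text
}


def compare(name: str) -> dict:
    """Return the decision each ACL makes for one of the sample packets."""
    flags = PACKETS[name]
    return {
        "legacy": evaluate_acl(LEGACY_ACL, flags),
        "masked": evaluate_acl(MASKED_ACL, flags),
    }


if __name__ == "__main__":
    for name in PACKETS:
        print(f"{name:10s} -> {compare(name)}")
```

Running the block shows that the legacy OR rule permits the all-flags packet (and the SYN+ACK packet) because the SYN bit alone satisfies it, whereas the mask/value rule permits only the packet whose ACK bit is clear; the ability to test for a flag that is not set is exactly what the background art says known ACLs lack.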