The present invention is directed to the field of computer networking, and more particularly, to the field of network packet processing.
In computer networks, information can be transmitted between two connected computer systems, herein termed the xe2x80x9csourcexe2x80x9d and xe2x80x9cdestinationxe2x80x9d computer systems. A particular pair of computer systems exchanging information are said to be engaged in a xe2x80x9csession.xe2x80x9d
Many protocols are available for formatting and transmitting this information, such as Transmission Control Protocol (xe2x80x9cTCPxe2x80x9d), defined in Internet Requests for Comment 675, 761, and 793, currently available at ftp://ftp.isi.edu/in-notes/rfc675.txt, ftp://ftp.isi.edu/in-notes/rfc761.txt, and ftp://ftp.isi.edu/innotes/rfc793.txt, respectively; and User Datagram Protocol (xe2x80x9cUDPxe2x80x9d), defined in Internet RFC 768, currently available at ftp://ftp.isi.edu/in-notes/rfc768.txt.
Protocols such as TCP and UDP generally specify dividing a body of information to be transmitted into a number of pieces, called xe2x80x9cpackets,xe2x80x9d attaching to each packet a xe2x80x9cheaderxe2x80x9d containing additional information about the packet, and sending these packets from the source computer system to the destination computer system. Both of the above protocols specify including in each packet header a numerical network address of the source computer system and the destination computer system. They additionally each specify including in each packet header a xe2x80x9cport numberxe2x80x9d for each the source and destination computer system that allows these computer systems to differentiate between packets arriving for different purposes.
In many cases, it is useful to track packets based on the particular network session that they are part of. Packet classification of this sort may be used, for example, to perform packet filteringxe2x80x94determining, for packets addressed to a protected computer system, which to forward to the protected computer system and which to discard. Such classification may also be used to selectively perform packet modification, such as reformatting packet contents, or to perform network traffic analysis. Unfortunately, existing approaches to classifying packets to identify the network sessions to which they belong each have significant disadvantages. Accordingly, a new, more effective approach to classifying packets to identify the network sessions to which they belong would have considerable utility.