1. Field of the Invention
This invention relates generally to network processor devices, and more specifically, to a mechanism employed in network processor devices for supporting complex packet handling rules.
2. Discussion of the Prior Art
A simple definition of the tasks performed by a xe2x80x9cnetworkingxe2x80x9d device (such as, but not limited to, an IP router, switch or firewall) is as follows: 1) accepting packets as input; and, 2) based on information in the packet or on the packet""s origin, deciding what to do with the packet. As defined herein, the assessment made on packets is termed xe2x80x9cPacket Classificationxe2x80x9d and, the unit of software and hardware that classifies packets and applies result of the classification to the packet is a xe2x80x9cClassifierxe2x80x9d. FIG. 1 is a general block diagram depicting a network processor device 100 including a Classifier device 105. Generally, as shown in FIG. 1, a plurality of rules 110 are entered into a Classifier rule list (or tree) 125 by a user program 115, and a packet handler device 130 interrogates this list 125 when processing a packet to find rules appropriate for the packet.
Each rule in the Classifier rule list 125 includes instructions on how to identify matching packets, and information on how to process the packet, i.e., what actions to take. To identify packets, certain bits (or fields) in a packet and information related to the packet""s origin or destination are used. These fields are extracted from a packet and combined to form a xe2x80x9ckeyxe2x80x9d 131 which may be used to search the classifier rule list 125. The key fields, obviously, also define the comparison information (herein referred to as xe2x80x9crule descriptionxe2x80x9d) found in the Classifier rules. As mentioned, rule descriptions may include multiple fields. An example is the classic IP 5-tuple which includes IP source Address (SA), IP Destination Address (DA), Source Port (SP), Destination Port, and IP protocol. It is understood that other fields may also be included. Additionally, the individual fields may be expressed as exact values (DA=1.25.77.1), value and mask (1.25.77.*;255.255.255*), or ranges (1.25.77.1 less than DA less than 1.25.77.9).
As depicted in FIGS. 2(a)-2(c), rule descriptions in any two rules may intersect with each other. For example, as shown in FIG. 2(a), a rule description for Rule 1 intersects a rule description for Rule 2, whereas in FIG. 2(b) both Rules 1 and 2 are identical. In FIG. 2(c), Rule 1 includes a whole Rule 2.
Instructions, found in the Classifier rule, define how to process a matching packet. The instructions are expressed in terms of an action xe2x80x9ctypexe2x80x9d and parameters (data) corresponding to that type. The instructions might have filtering, quality of services (QoS), redirection, or other attributes (characteristics). Values for filtering may include xe2x80x9cpermitxe2x80x9d or xe2x80x9cdenyxe2x80x9d. Values of QOS might include on which queue to place the packet, or how to re-mark the packet. Redirection instructions may include where a particular packet should be sent.
It would be highly desirable to provide a mechanism for defining the types of actions that must be applied to packets processed by a networking device and which define the set of action attributes (characteristics) that may be associated with individual packet classification rules.
It is an object of the invention to provide a mechanism for defining the types of actions that must be applied to packets processed by a networking device and which define the set of action attributes (characteristics) that can be associated with individual packet classification rules.
According to a preferred embodiment of the invention, there is provided a configurable packet classifier implemented in a network processor device for processing data packets communicated in a network, the classifier comprising: an attribute type definition table having entries including action types and corresponding action attributes; a classifier rule list structure comprising one or more data packet action rules, each classifier rule comprised of one or more action types having one or more corresponding action attribute values; a packet handling device responsive to an arrived data packet for searching the classifier rule list structure and identifying a matching action type and corresponding one or more attribute values that match the arrived data packet; and, a device for determining if an entry in the attribute type definition table has a corresponding action attribute and applying said corresponding one or more attribute values to the data packet.