VERSION*

WORLD INTELLECTUAL PROPERTY ORGANIZATION
International Bureau
PCT
INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)

(51) International Patent Classification 6: H04L 12/00
(11) International Publication Number: WO 97/23076
(43) International Publication Date: 26 June 1997 (26.06.97)
(21) International Application Number: PCT/US96/20779
(22) International Filing Date: 13 December 1996 (13.12.96)
(30) Priority Data: 08/575,506, 20 December 1995 (20.12.95), US
(71) Applicant: N B NETWORKS [US/US]; 7 Argonaut, Aliso Viejo, CA 92656 (US).
(72) Inventors: BAKER, Peter, D.; 36 Blackbird Lane, Aliso Viejo, CA 92656 (US). NEAL, Karen; 1326 Saltair Avenue #6, Los Angeles, CA 90025 (US).
(74) Agents: BROGAN, James, P. et al.; Lyon & Lyon L.L.P., First Interstate World Center, Suite 4600, 633 West Fifth Street, Los Angeles, CA 90071-2066 (US).
(81) Designated States: AU, CA, CN, IL, JP, MX, SG, European patent (AT, BE, CH, DE, DK, ES, FI, FR, GB, GR, IE, IT, LU, MC, NL, PT, SE).

Published
With international search report.
Before the expiration of the time limit for amending the claims and to be republished in the event of the receipt of amendments.

(54) Title: SYSTEM AND METHOD FOR GENERAL PURPOSE NETWORK ANALYSIS

[Figure: block diagram showing input devices, storage (14) containing network data files and protocol description files, network device control logic (16), and output devices (18).]

(57) Abstract

A network interface system and related methods. A single logic control module, which may be implemented in hardware or software, is utilized to perform any of a number of data manipulation functions including, for example, parsing, filtering, data generation or analysis, based upon one or more programmably configurable protocol descriptions which may be stored in and retrieved from an associated memory.

* (Referred to in PCT Gazette No. 44/1997, Section I)

NOAC Ex. 1013 Page 1

DESCRIPTION

System and Method for General Purpose Network Analysis

Technical Field

The present invention relates to network communications systems and, in particular, to improved systems and methods for parsing, filtering, generating and analyzing data composed of inter-related structures such as protocols found within network frames.

Background Art

Existing network interface devices provide systems for receiving, analyzing, filtering and transmitting network data or frames of data. Network Protocol Analyzers, Bridges, and Routers are among the most common network interface devices currently available.

Conventional network protocol analyzers provide, for a predefined set of network frame structures or protocols, a system for monitoring the activity of a network and the stations on it by allowing network traffic to be captured and stored for later analysis. Common capture and analysis capabilities include the gathering of statistics, subsequent report generation, the ability to filter frames based on specific criteria, and the ability to generate network traffic.

Bridges and routers are network devices that pass frames from one network interface to another. Bridges operate at the data-link layer and routers at the network layer of the OSI reference model. Like protocol analyzers, both bridges and routers may gather statistics and filter incoming network frames based on specific criteria, however incoming frames also may be forwarded to other networks based on information collected by the bridge or router. Routers typically support only a limited number of network protocols.

Each of these network devices requires an ability to separate network frames into individual protocols and their components (typically referred to as parsing), an ability to filter incoming frames based on a logical combination of one or more field values extracted during parsing, and an ability to gather statistics based in part on extracted field values. Typically, it is a requirement that network frames be received, analyzed and forwarded at full network speeds, sometimes on many different networks at one time.

A frame filter consists of one or more criteria which specify one or more valid values for a frame (or segments of a frame). Frame filtering criteria are typically implemented using an offset (from frame or protocol header start), a length in bits which defines a field, a value for comparison, and mask values for identifying relevant and irrelevant bits within the field. For multiple value filter criteria, the result from each filter value is logically OR'ed together to obtain an overall result. Therefore, each additional result adds to the processing required to filter a given field. For filtering on optional protocol fields that do not occur at the same relative offset in each protocol frame, this method is time-consuming. Thus, it would be desirable to perform filtering on both fixed and optional variable offset fields for any number of values or ranges of values without incurring any additional overhead.

Parsing, the process wherein network frames are broken up into their individual protocols and fields, is necessary for filtering with offsets relative to protocol headers, gathering field based statistics, generating network traffic, routing data frames, verifying field values, and displaying network frames in human readable form. In conventional systems, the parsing process has an overall structure which incorporates control logic for each supported protocol. Therefore, additional control logic must be developed when support for a new protocol is added to a conventional system. As the development of additional control logic, whether implemented in hardware or software, may be both time consuming and expensive, it would be highly desirable to be able to parse all protocols with a single configurable software (or hardware) module so that support for additional protocols could be added to a system without requiring substantial modification to the system or its control logic.

Further, although microprocessors (or CPUs) available today can execute tens or even hundreds of millions of instructions per second, vendors often must provide dedicated hardware assistance and/or front-end processors with hand-coded assembly language routines to achieve the necessary processing rates for more than one pair of networks. Unfortunately, this solution requires hardware and/or software modifications whenever changes are made to the number of supported features or protocols.

Finally, as networks become larger and more complex, the maintenance of a comprehensive statistics database by each network device becomes more important. Because these statistics databases typically are not utilized by a maintaining device, but instead are collected by a network management device, the collection process may affect performance adversely without any corresponding benefit to the collecting device.

In light of the considerations discussed above, it is believed that a network interface system having a configurable protocol analysis capability with common control logic applicable to many different network devices would be highly desirable.

Summary of Invention

The present invention is directed to improved systems and methods for parsing, filtering, generating and analyzing data (or frames of data) transmitted over a data communications network. In one particularly innovative aspect of the present invention, a single logic control module, which may be implemented in hardware or software, is utilized to perform any of a number of data manipulation functions (for example, parsing, filtering, data generation or analysis functions) based upon one or more programmably configurable protocol descriptions which may be stored in and retrieved from an associated memory.

The use of common control logic (i.e. the use of a single logic control module) and programmably configurable protocol descriptions allows changes to existing protocols to be made and support for new protocols to be added to a system in accordance with the present invention through configuration only -- without the need for hardware and/or software system modifications. Thus, those skilled in the art will appreciate that a network interface in accordance with the present invention may be configured and reconfigured, if necessary, in a highly efficient and cost effective manner to implement numerous data manipulation functions and to accommodate substantial network modifications (for example, the use of different data transmission hardware, protocols or protocol suites) without necessitating substantial system changes.

In one preferred form, the system of the present invention may employ a CPU or other hardware implementable method for analyzing data from a network in response to selectively programmed parsing, filtering, statistics gathering, and display requests. Moreover, the system of the present invention may be incorporated in a network device, such as a network analyzer, bridge, router, or traffic generator, including a CPU and a plurality of input devices, storage devices, and output devices, wherein frames of network data may be received from an associated network, stored in the storage devices, and processed by the CPU based upon one or more programmably configurable protocol descriptions also stored in the storage devices. The protocol descriptions may take the form of one or more protocol description files for each supported network protocol and may include a protocol header record and plurality of field sub-records having data corresponding to an associated protocol and fields defined therein.

The system of the present invention also preferably includes logic for extracting field values from particular network frames, performing validation and error checking, and making parsing decisions based upon field values and information in the programmably configurable protocol descriptions.

The system of the present invention also preferably includes logic for filtering a subset of network frames received from the input or storage devices which satisfy a filter criteria based upon information defined in the programmably configurable protocol descriptions.

The system of the present invention also preferably includes logic for filtering network frames which satisfy a plurality of filter criteria which, if desired, may be joined together by Boolean operators.

The system of the present invention also preferably includes logic for analyzing a filter request by breaking the request into its component criteria to determine whether the result from evaluating a particular filter request criteria when combined with results from earlier criteria can be used to filter (i.e. discard) a particular network frame.

The system of the present invention also preferably includes logic for collecting statistics based upon extracted field values satisfying a statistics criteria based upon information defined in the programmably configurable protocol descriptions.

The system of the present invention also preferably includes logic for determining a next protocol description structure required to continue analyzing a network frame.

The system of the present invention also preferably includes logic for determining a frame length and individual protocol header lengths from extracted field values in a network frame.

The system of the present invention also preferably includes logic for making routing decisions based upon information contained in the programmably configurable protocol descriptions.

The system of the present invention also preferably includes logic for determining display formats based on information contained in the programmably configurable protocol descriptions.

The system of the present invention also preferably includes logic for verifying individual field values and making parsing decisions based on the validity of the value.

The system of the present invention also preferably includes logic for constructing and transmitting network frames with varying field contents based on information contained in the programmably configurable protocol descriptions.

The system of the present invention may be employed in any system where it is useful to be able to examine and perform various operations on contiguous bit-fields in data structures, wherein each data structure is composed of predefined fields of one or more contiguous bits. Further, the system of the present invention is particularly efficient where operations must be performed on a subset of included fields.

Those skilled in the art will recognize that the system of the present invention gains a distinct advantage in size and maintainability over conventional network devices by implementing analysis capabilities for multiple known and unknown protocols using common control logic. Furthermore, the system gains a distinct advantage in speed and efficiency over conventional network devices when the control logic is implemented in hardware or a front-end processor, without incurring the penalty of additional hardware and/or software development when protocol definitions change.

Accordingly, it is an object of the present invention to provide an improved system for network analysis wherein the system may determine which protocols and which protocol fields exist in a network frame (also referred herein as parsing) using common control logic combined with configurable protocol descriptions.

It is yet another object of the present invention to provide an improved system for network analysis wherein the control logic may be implemented in hardware as well as software.

It is yet another object of the present invention to provide an improved system for network analysis wherein each supported analysis capability is configurable even when the control logic is implemented in hardware.

It is another object of the present invention to provide an improved system for network analysis wherein the system may determine whether a particular network frame includes a field that satisfies a particular filter criteria based upon information stored in a programmably configurable protocol description.

It is yet another object of the present invention to provide an improved system for network analysis wherein the system may determine if a particular network frame includes a protocol field that satisfies a particular statistics gathering criteria defined in a programmably configurable protocol description.

It is yet another object of the present invention to provide an improved system for network analysis wherein the system may generate network traffic in the form of frames constructed from selected protocol descriptions with the ability to specify a variety of methods for varying individual field values.

It is still another object of the present invention to provide an improved system for network analysis wherein the system may route network frames (determine the appropriate destination interface) that satisfy a particular routing criteria defined in a programmably configurable protocol description while providing a capability to specify a variety of methods for varying individual field values during the routing process.

It is still another object of the present invention to provide an improved system for network analysis wherein the system may determine if a particular network frame includes a protocol field that contains a value related to either the overall length of the frame or the current protocol header length.

Brief Description of the Drawings

Fig. 1 is a block diagram of a network interface system in accordance with one form of the present invention.

Fig. 2 is a diagram representing a set of data records of a typical network frame which may be contained in the data files of the network interface system illustrated in Fig. 1.

Fig. 3 is a diagram representing a set of data records of a protocol description in accordance with one form of the present invention.

Fig. 4 is a diagram representing a control record of an Ethernet protocol description which may be utilized in a network interface system in accordance with one form of the present invention.

Fig. 4a is a diagram representing five defined field sub-records of the Ethernet protocol description illustrated in Fig. 4.

Figs. 4b, 4c, and 4d are diagrams representing lookup structures referenced in Fig. 4a fields 0, 2 and 4 respectively.

Fig. 5 is a diagram representing a control record of an imaginary Generic Protocol description which may be utilized in a network interface system in accordance with one form of the present invention.

Fig. 5a is a diagram representing eleven defined field sub-records of the GP description illustrated in Fig. 5.

Figs. 5b, 5c, 5d, and 5e are diagrams representing lookup structures referenced in Fig. 5(a) fields 1, 3, 7 and 8, respectively.

Figs. 6, 6a, and 6b are diagrams representing the control record and field sub-record of a protocol description structure that allows parsing of optional fields of the GP description shown in Figs. 5 - 5e.

Figs. 7, 7a, and 7b are diagrams representing the control record and field sub-records of a protocol description structure that describes the End Of List option of the GP description shown in Figs. 5 - 5e.

Figs. 8, 8a, and 8b are diagrams representing the control record and field sub-records of a protocol description structure that describes the No Operation option of the GP description shown in Figs. 5 - 5e.

Figs. 9, 9a, and 9b are diagrams representing the control record and field records of a protocol description file that describes the Maximum Frame Size option of the GP description shown in Figs. 5 - 5e.

Figs. 10, 10a, 10b, 10c, 10d and 10e are diagrams representing data records of a filter expression control and associated field filter structures.

Fig. 11 is a flow chart illustrating top level frame parsing control logic in accordance with one form of the present invention.

Fig. 12 is a flow chart illustrating protocol parsing control logic in accordance with one form of the present invention.

Fig. 13 is a flow chart of the field parsing control logic in accordance with one form of the present invention.

Fig. 14 is a flow chart representing value verification, error checking, next protocol and branch determination control logic in accordance with one form of the present invention.

Fig. 15 is a flow chart representing field filtering control logic in accordance with one form of the present invention.

Fig. 16 is a flow chart illustrating field value extraction and varying control logic in accordance with one form of the present invention.

Referring now to Fig. 1, a network interface system in accordance with one form of the present invention, generally referred to as 10, may be implemented in a network device including input devices 12, data storage devices 14, analysis control logic 16 for facilitating the input, storage, retrieval, and analysis of network frames, and output devices 18 for forwarding frames or displaying or printing the results of analyses. A data storage device 14 may include a data file 20 of network frames having n protocol data records, wherein each data record contains data stored in a plurality of predefined fields. Protocol description files 22 also may be stored in the data storage device 14. The protocol description files 22 may include a protocol control record and n field sub-records, which together may describe a subset of a network protocol and include rules for analyzing that protocol.

The network device control logic 16 is capable of retrieving a subset of network frames from the input devices 12 or data files 20 which satisfy one or more criteria based upon extracted field values and filtering criteria contained in one or more of the protocol description files 22. The network device control logic 16 also includes logic for determining frame and protocol header lengths, gathering statistics, verification and error checking, determining routes, varying values, and formatting output.

A personal computer or conventional network device, such as an IBM PC (or compatible), Apple Macintosh®, or any Unix®, or Zenix® workstation, protocol analyzer, bridge, router, traffic generator, or similar system may be utilized in accordance with the system of the present invention. The data input devices 12 may comprise any of a number of commercially available network interface devices and may include a conventional keyboard or mouse if required. The data storage devices 14 may take the form of any of a number of commercially available data storage options (such as RAM, ROM, EPROM, or various sized fixed disk drives), and the data output devices 18 may comprise any of a number of commercially available user interface devices, such as CRT displays, monitors, network interface devices and/or printers (if required). The analysis control logic 16 may be implemented as a computer program written in any language suitable for systems programming or may be implemented in hardware if better performance is required. In one presently preferred form, the analysis control logic 16 may be implemented via the programming files set forth in the attached Appendix, which is herein incorporated by reference. However, those skilled in the art will appreciate that the analysis control logic 16 might equivalently be implemented in dedicated hardware using, for example, one or more application specific integrated circuits ("ASICs") or one or more field programmable gate arrays ("FPGAs").

The network interface system 10 of the present invention is preferably implemented on a personal computer, workstation or conventional network device having a 32-bit or larger bus and register set, an optional math co-processor, at least one megabyte of available RAM, and for personal computer and workstation applications, a fixed disk having at least 10 megabytes of available storage space. As shown in the attached Appendix, the analysis control logic 16 may be programmed in the C++ language, with abstract data types defined for statistics gathering, value verification, next protocol determination, filtering, varying values, checksumming and route determination capabilities, and protocol control and field records.

Referring now to Fig. 2, a data file 20 in accordance with one form of the present invention may include a plurality (n) of protocol header data records and optional Data and Pad records. Each protocol record contains data organized into a plurality of predefined fields. Each field comprises a collection of 1 or more contiguous bits and includes a set of valid values for that field. For example, a particular protocol specification might include a 6 bit header length field that limits the protocol header length to values between 20 and 60 inclusive, thereby excluding values less than 20 and values from 61 to 64.

The number of possible contiguous bit fields for a protocol header of length N bits where N is greater than 1 can be expressed by the following formula:

$$\text{Number of Possible Fields} = \sum_{i=1}^{N} i$$

It will be appreciated by those skilled in the art that any possible organization of fields for any possible protocol specification is contemplated for the network interface system 10 of the present invention.

Referring now to Fig. 3, a protocol description file 22 in accordance with one form of the present invention may include a protocol control record, and a plurality (n) of field data records. In a particularly preferred embodiment, the protocol control record (shown below in Table 1) may define the overall structure of a network protocol and reference other information relating to the network protocol.

TABLE 1
PROTOCOL CONTROL RECORD

Offset | Name | Description
0-3 | name_length | length of protocol name in bytes including NULL terminator
4-7 | protocolname | name of protocol control record is describing
8-11 | filename | name of file control record is stored in
12-15 | numBits | total bit length of protocol header control record is describing
16-17 | numFields | number of fields required to describe protocol header
18-19 | curField | index of field currently referenced
20-23 | outFlag | flag indicating template has been output to file
24-27 | | display bit width for protocol header display
28-31 | fields | field records that describe protocol header
32-35 | options | pointer to option control record to use if this protocol has optional fields
36-39 | | pointer to protocol specific routing table

The field records referenced at bytes 28-31 in the table above are preferably organized as shown in Table 2:

TABLE 2
FIELD SUB-RECORDS

Offset | Name | Description
0-3 | fplen | flag indicating value is actual length of frame (multiplier)
 | | flag indicating value is actual length of protocol header (multiplier)
8-11 | | byte offset from start of protocol header of 32-bit field containing value
 | | number of bits to left shift 32-bit value
 | | number of bits to right shift 32-bit value
 | | number indicating a display type (i.e., decimal, hex, ...)
 | | not used ... pad byte to align following fields
 | | multiplier to apply to value prior to display
18 | fswap | flag indicating the need to swap bytes and words in 32-bit field containing value
 | fsdspfield | flag indicating that this field should be displayed
24-27 | | pointer to configured statistics structure/class (0=none)
28-31 | ptr2np | pointer to lookup structure/class ... next protocol definition to use (0=none)
32-35 | ptr2vary | pointer to vary field value structure/class (0=none)
36-39 | ptr2csum | pointer to checksum structure/class (0=none)

The statistics records referenced in Table 2, above, at bytes 24-27 are preferably organized as shown in Table 3:

TABLE 3
STATISTICS STRUCTURE/CLASS RECORD

Offset | Name | Description
0-3 | StatName | pointer to user assigned name for statistic
4-7 | Stat | pointer to derived structure/class for accumulating configured statistic

The next protocol lookup records referenced in the field sub-record table (Table 2) at bytes 28-31 are preferably organized as shown in Table 4:

TABLE 4
LOOKUP STRUCTURE RECORD

Offset | Name | Description
 | | pointer to protocol description structure
 | Next Index | index of field in protocol description to parse next
 | minimum | minimum acceptable value for this range
 | | maximum acceptable value for this range
16-19 | | selects even only, odd only, or all values in range
 | | pointer to associated human language equivalent

Lookup structures can be used for determining the next protocol control record to use, terminating protocol processing on illegal values, branching decisions for variable length headers or overlapping fields, and for translation of numeric values to mnemonic or written language equivalents. This ability to specify branches on field values allows protocols with multiple overlapping structures to be specified and parsed dynamically.

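The lookup-driven parsing described above, as an added example (not the Appendix code of this application): a single loop walks constructed Ethernet and IPv4-like descriptions, using each field's offset and shift pair to extract a value and its lookup ranges to reject illegal values or select the next protocol. The structure layouts, names such as `parseFrame` and `hdrLenMult`, the parity encoding and the sample frames are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

struct Protocol;
enum Parity { ALL_VALUES, EVEN_ONLY, ODD_ONLY };  // assumed encoding of the even/odd/all selector

// One range of a lookup structure (modelled on Table 4).
struct Range {
    uint32_t min, max;     // inclusive bounds
    Parity parity;
    const Protocol* next;  // next protocol description, nullptr = none
};

// Field sub-record (modelled on Table 2), reduced to what parsing needs.
struct Field {
    const char* name;
    uint32_t offset;       // byte offset of the 32-bit word holding the field
    uint8_t shl, shr;      // shift left, then right, to isolate the field bits
    uint32_t hdrLenMult;   // non-zero: value * multiplier is the header length
    std::vector<Range> lookup;  // empty = every value is accepted
};

// Protocol control record (modelled on Table 1).
struct Protocol {
    const char* name;
    uint32_t numBits;      // default header length in bits
    std::vector<Field> fields;
};
struct ParseResult { bool ok; std::string path; size_t payloadOffset; };

static bool extractField(const std::vector<uint8_t>& f, size_t base, const Field& fld, uint32_t& out) {
    size_t at = base + fld.offset;
    if (at + 4 > f.size()) return false;  // never read past the captured bytes
    uint32_t w = (uint32_t(f[at]) << 24) | (uint32_t(f[at + 1]) << 16) |
                 (uint32_t(f[at + 2]) << 8) | uint32_t(f[at + 3]);
    out = (w << fld.shl) >> fld.shr;
    return true;
}

static const Range* lookupRange(const std::vector<Range>& lk, uint32_t v) {
    for (const Range& r : lk) {
        bool parityOk = r.parity == ALL_VALUES || (r.parity == EVEN_ONLY) == (v % 2 == 0);
        if (v >= r.min && v <= r.max && parityOk) return &r;
    }
    return nullptr;
}

// One loop serves every protocol; behaviour comes from the descriptions alone.
ParseResult parseFrame(const Protocol* p, const std::vector<uint8_t>& frame) {
    ParseResult res{true, "", 0};
    size_t base = 0;
    while (p != nullptr) {
        res.path += (res.path.empty() ? "" : "/") + std::string(p->name);
        size_t hdrLen = p->numBits / 8;
        const Protocol* next = nullptr;
        for (const Field& fld : p->fields) {
            uint32_t v = 0;
            if (!extractField(frame, base, fld, v)) { res.ok = false; return res; }
            if (!fld.lookup.empty()) {
                const Range* hit = lookupRange(fld.lookup, v);
                if (hit == nullptr) { res.ok = false; return res; }  // illegal value ends parsing
                if (hit->next != nullptr) next = hit->next;
            }
            if (fld.hdrLenMult != 0) hdrLen = size_t(v) * fld.hdrLenMult;
        }
        if (base + hdrLen > frame.size()) { res.ok = false; return res; }  // header overruns frame
        base += hdrLen;
        p = next;
    }
    res.payloadOffset = base;
    return res;
}

// Constructed descriptions: an IPv4-like header reached from Ethernet type 0x0800.
const Protocol IPV4 = {"IPv4", 160, {
    {"version", 0, 0, 28, 0, {{4, 4, ALL_VALUES, nullptr}}},
    {"hdr_len", 0, 4, 28, 4, {{5, 15, ALL_VALUES, nullptr}}},
}};
const Protocol ETHERNET = {"Ethernet", 112, {
    {"type", 12, 0, 16, 0, {{0x0800, 0x0800, ALL_VALUES, &IPV4},
                            {0x0000, 0xFFFF, ALL_VALUES, nullptr}}},
}};

// Constructed frame: zero-filled except the Ethernet type and the version/length byte.
std::vector<uint8_t> sampleFrame(uint16_t etherType, uint8_t verIhl, size_t len) {
    std::vector<uint8_t> f(len < 15 ? 15 : len, 0);
    f[12] = uint8_t(etherType >> 8);
    f[13] = uint8_t(etherType & 0xFF);
    f[14] = verIhl;
    return f;
}

int main() {
    ParseResult r = parseFrame(&ETHERNET, sampleFrame(0x0800, 0x45, 40));
    std::printf("%s ok=%d payload@%zu\n", r.path.c_str(), int(r.ok), r.payloadOffset);
}
```

Supporting another protocol here means adding another `Protocol` value and a lookup range that points to it; `parseFrame` itself does not change, and a length field that claims more bytes than were captured ends parsing instead of moving the offset past the buffer.
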
The vary field value records referenced in the field sub-record table (Table 2) at bytes 32-35 are preferably organized as shown in Table 5:

TABLE 5
VARY FIELD VALUE RECORD

Offset | Name | Description
 | mask | mask for isolating field bits from 32-bit field
12-15 | minvalue | minimum allowable value for field bits (relative to field)
16-19 | maxvalue | maximum allowable value for field bits (relative to field)

The checksum records referenced in the field sub-record table (Table 2) at bytes 36-39 are preferably organized as shown in Table 6:

TABLE 6
CHECKSUM RECORD

Offset | Name | Description
 | verify | pointer to routine to verify protocol checksum
 | compute | pointer to routine to compute protocol checksum

The filter criteria records referenced in the field sub-record table (Table 2) at bytes 40-43 are preferably organized as shown in Table 7:

TABLE 7
FILTER CRITERIA RECORD

Offset | Name | Description
0-3 | Index | index of this filter criteria (zero-based)
4-7 | ChPtr | pointer to parent filter channel
8-11 | | pointer to lookup structure containing all possible field values
12-15 | Ptl | pointer to associated protocol definition for this criteria
16-19 | Fld | pointer to associated field definition for this criteria

The filter channel records referenced in the Filter Criteria record (Table 7) above at 4-7 are preferably organized as shown in Table 8:

TABLE 8
FILTER CHANNEL RECORD

Offset | Name | Description
0-3 | NextCriteriaIndex | index of next criteria that should be applied to this filter
4-7 | TotalCriteria | number of criteria required to implement this filter
8-11 | | pointer to array of TotalCriteria criteria structures
12-15 | ChannelName | pointer to user supplied filter channel name

Each configured filter consists of one or more filter criteria and the filter criteria may be organized into Filter Criteria records. The Filter Criteria records may refer to lookup structures which allow the filter criteria to determine from a field value the current state of the filter expression at each criteria. These states may include: PASS_FRAME (accept this frame) and FILTER_FRAME (discard this frame).

The NextCriteriaIndex field referenced in Table 8 above at bytes 0-3 is used to ensure that all filter expressions are applied in the required order. The Ptl and Fld fields at bytes 12-19 allow filter criteria to be associated with specific protocols and protocol fields.

The lookup records referenced in the Filter Criteria record (Table 7) at bytes 8-11 are preferably organized as shown in Table 9:

TABLE 9
FILTER LOOKUP STRUCTURE RECORD

Offset | Name | Description
 | Index | index of field in Filter Expression structure
 | Return Value | PASS_FRAME, FILTER_FRAME value range result
 | | minimum acceptable value for this range
12-15 | | maximum acceptable value for this range

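One way to evaluate the filter records of Tables 7 to 9, as an added example rather than code from this application: each criteria maps an already extracted field value to PASS_FRAME or FILTER_FRAME through a sorted range lookup, and the channel applies its criteria in index order. The AND semantics, the FILTER_FRAME default for unmatched or missing values, the binary search, and all names and sample values are assumptions.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <map>
#include <vector>

enum FilterState { PASS_FRAME, FILTER_FRAME };

// Hypothetical field ids standing in for the Ptl/Fld pointers of a criteria record.
enum FieldId { ETH_TYPE, IP_PROTOCOL, TCP_DST_PORT };

// Filter lookup record (modelled on Table 9): a value range and its result.
struct FilterRange { uint32_t min, max; FilterState result; };

// Filter criteria record (modelled on Table 7).
struct Criteria {
    FieldId field;
    std::vector<FilterRange> lookup;  // sorted by min, ranges must not overlap
};

// Filter channel record (modelled on Table 8).
struct Channel {
    const char* name;
    std::vector<Criteria> criteria;   // applied in index order
};

// Field values produced by parsing one frame; an absent key means the field is not in the frame.
typedef std::map<FieldId, uint32_t> ParsedFields;

// Binary search: cost grows with log(number of ranges), not with the number of values.
FilterState lookupState(const std::vector<FilterRange>& lk, uint32_t v) {
    auto it = std::upper_bound(lk.begin(), lk.end(), v,
        [](uint32_t val, const FilterRange& r) { return val < r.min; });
    if (it == lk.begin()) return FILTER_FRAME;        // below every range
    --it;                                             // last range with min <= v
    return v <= it->max ? it->result : FILTER_FRAME;  // gap between ranges = discard
}

struct Verdict { FilterState state; size_t criteriaEvaluated; };

// Assumed semantics: criteria are ANDed and the first FILTER_FRAME stops evaluation.
Verdict applyChannel(const Channel& ch, const ParsedFields& fields) {
    size_t next = 0;  // plays the role of NextCriteriaIndex
    while (next < ch.criteria.size()) {
        const Criteria& c = ch.criteria[next++];
        ParsedFields::const_iterator f = fields.find(c.field);
        if (f == fields.end() || lookupState(c.lookup, f->second) == FILTER_FRAME)
            return Verdict{FILTER_FRAME, next};
    }
    return Verdict{PASS_FRAME, next};
}

// Constructed channel: TCP over IPv4 to a set of web ports, with 8080 carved out.
const Channel WEB_CHANNEL = {"web-to-servers", {
    {ETH_TYPE,     {{0x0800, 0x0800, PASS_FRAME}}},
    {IP_PROTOCOL,  {{6, 6, PASS_FRAME}}},
    {TCP_DST_PORT, {{80, 80, PASS_FRAME}, {443, 443, PASS_FRAME},
                    {8000, 8079, PASS_FRAME}, {8080, 8080, FILTER_FRAME},
                    {8081, 8999, PASS_FRAME}}},
}};

// Parsed-field map for a constructed TCP/IPv4 frame with the given destination port.
ParsedFields tcpFrame(uint32_t dstPort) {
    ParsedFields f;
    f[ETH_TYPE] = 0x0800;
    f[IP_PROTOCOL] = 6;
    f[TCP_DST_PORT] = dstPort;
    return f;
}

int main() {
    const uint32_t ports[] = {443, 8080, 8500, 22};
    for (uint32_t p : ports) {
        Verdict v = applyChannel(WEB_CHANNEL, tcpFrame(p));
        std::printf("port %u -> %s\n", unsigned(p), v.state == PASS_FRAME ? "PASS_FRAME" : "FILTER_FRAME");
    }
}
```
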