Fortinet, Inc.
Selectively processing packets based on their classification by a counting bloom filter as a first packet or a subsequent packet of a transport protocol connection
Abstract:
Systems and methods for selectively processing packets based on their classification by a counting bloom filter (CBF) are provided. According to one embodiment, a network device receives a packet, extracts n-tuple values from the header of the packet that are indicative of a particular transport protocol connection with which the packet is associated, and determines whether the particular transport protocol connection represents an active transport protocol connection represented within the CBF by searching the CBF based on the n-tuple values. When the packet is a first packet of a new connection, counters maintained by the CBF corresponding to the n-tuple values are incremented. When a decrement event is detected for one or more of the counters, they are decremented. Finally, the packet is processed in accordance with its classification as a first packet of a new connection or a subsequent packet of an existing connection.
Utility
11 Aug 2020
11 Jan 2022
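
The classification loop the abstract describes, as an added sketch that is not taken from the patent or from Fortinet code. The class and function names, the filter size, the salted BLAKE2b index derivation, the saturating counter limit, and the choice of connection close or idle timeout as the decrement event are all assumptions.

```python
import hashlib
import struct
from ipaddress import ip_address


class ConnectionCBF:
    """Counting Bloom filter over connection n-tuples (sizes are assumptions)."""

    def __init__(self, slots=1 << 16, hashes=4, counter_max=15):
        self.slots, self.hashes, self.counter_max = slots, hashes, counter_max
        self.counters = bytearray(slots)  # one saturating counter per slot

    def _indexes(self, tup):
        src, dst, sport, dport, proto = tup
        key = (ip_address(src).packed + ip_address(dst).packed
               + struct.pack("!HHB", sport, dport, proto))
        # k indexes from salted BLAKE2b digests (hash choice is an assumption)
        return [int.from_bytes(hashlib.blake2b(key, digest_size=8,
                                               salt=bytes([i])).digest(), "big")
                % self.slots for i in range(self.hashes)]

    def active(self, tup):
        return all(self.counters[i] for i in self._indexes(tup))

    def classify(self, tup):
        """'subsequent' if the tuple is in the filter, else record it as 'first'."""
        if self.active(tup):
            return "subsequent"
        for i in self._indexes(tup):
            if self.counters[i] < self.counter_max:  # saturate, never wrap
                self.counters[i] += 1
        return "first"

    def decrement(self, tup):
        """Decrement event; assumed here to be connection close or idle timeout."""
        if not self.active(tup):
            return False  # unknown tuple: leave counters alone
        for i in self._indexes(tup):
            if 0 < self.counters[i] < self.counter_max:  # saturated slots stay pinned
                self.counters[i] -= 1
        return True


def demo():
    cbf = ConnectionCBF()
    conn = ("192.0.2.10", "198.51.100.5", 40000, 443, 6)  # constructed sample tuple
    seen = [cbf.classify(conn), cbf.classify(conn)]  # SYN, then a data packet
    cbf.decrement(conn)                              # connection torn down
    seen.append(cbf.classify(conn))                  # same tuple reused later
    return seen
```

A Bloom filter can return false positives, so the first packet of a new connection is occasionally classified as subsequent; whatever handles subsequent packets should still confirm the connection against authoritative session state before trusting it.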