Abstract: Methods and systems are provided for hardware-based pattern matching. In an embodiment, an intrusion-prevention system (IPS) identifies a full match between a subject data word comprising subject-data blocks and a signature data pattern comprising signature-data blocks. The IPS receives the subject data word via a network interface, and thereafter makes a partial-match determination that two or more but less than all of the subject-data blocks respectively match the same number of the signature-data blocks stored in partial-match hardware with respect to both value and position. Thereafter, the IPS makes a full-match determination that all of the subject-data blocks respectively match all of the signature-data blocks stored in the IPS's full-match hardware with respect to both value and position. The IPS then stores an indicator that the full-match determination has been made, and may carry out one or more additional intrusion-prevention responses as well.

Abstract: According to an example, an intrusion-prevention system may include a network interface to receive a subject data word via a network. The intrusion-prevention system may include hardware to determine whether the subject data word partially matches a signature data pattern, and determine whether the subject data word fully matches the signature data pattern if the subject data word partially matches the signature data pattern.

Abstract: Methods and systems are provided for hardware-based pattern matching. In an embodiment, an intrusion-prevention system (IPS) identifies a full match between a subject data word comprising subject-data blocks and a signature data pattern comprising signature-data blocks. The IPS receives the subject data word via a network interface, and thereafter makes a partial-match determination that two or more but less than all of the subject-data blocks respectively match the same number of the signature-data blocks stored in partial-match hardware with respect to both value and position. Thereafter, the IPS makes a full-match determination that all of the subject-data blocks respectively match all of the signature-data blocks stored in the IPS's full-match hardware with respect to both value and position. The IPS then stores an indicator that the full-match determination has been made, and may carry out one or more additional intrusion-prevention responses as well.

Abstract: According to an example, an intrusion-prevention system may include a network interface to receive a subject data word via a network. The intrusion-prevention system may include hardware to determine whether the subject data word partially matches a signature data pattern, and determine whether the subject data word fully matches the signature data pattern if the subject data word partially matches the signature data pattern.

Abstract: Methods and systems are provided for hardware-based pattern matching. In an embodiment, an intrusion-prevention system (IPS) identifies a full match between a subject data word comprising subject-data blocks and a signature data pattern comprising signature-data blocks. The IPS receives the subject data word via a network interface, and thereafter makes a partial-match determination that two or more but less than all of the subject-data blocks respectively match the same number of the signature-data blocks stored in partial-match hardware with respect to both value and position. Thereafter, the IPS makes a full-match determination that all of the subject-data blocks respectively match all of the signature-data blocks stored in the IPS's full-match hardware with respect to both value and position. The IPS then stores an indicator that the full-match determination has been made, and may carry out one or more additional intrusion-prevention responses as well.

Abstract: Methods and systems are provided for hardware-based pattern matching. In an embodiment, an intrusion-prevention system (IPS) identifies a full match between a subject data word comprising subject-data blocks and a signature data pattern comprising signature-data blocks. The IPS receives the subject data word via a network interface, and thereafter makes a partial-match determination that two or more but less than all of the subject-data blocks respectively match the same number of the signature-data blocks stored in partial-match hardware with respect to both value and position. Thereafter, the IPS makes a full-match determination that all of the subject-data blocks respectively match all of the signature-data blocks stored in the IPS's full-match hardware with respect to both value and position. The IPS then stores an indicator that the full-match determination has been made, and may carry out one or more additional intrusion-prevention responses as well.

Abstract: Receive and transmit blocks for asynchronous transfer mode (ATM) cell delineation are disclosed. The receive block has a plurality of cell delineation blocks, a memory controller, a memory and a bus controller. The transmit block has a bus controller, a plurality of queue selection devices, a plurality of memory queues and a plurality of cell delineation blocks. According to one implementation, the bus controllers receive address mode/select signals and operate to respond to one of a plurality of subsets of port addresses on the ATM physical layer responsive to the address mode/select signals.

Abstract: An interleaved read/write operation in a data switch determines a read memory of at least two memories that has been accessed during a most recent read operation. A memory controller determines a write memory different from the read memory and accesses a cell buffer list associated with the write memory to determine a buffer to store the cell. The switch writes the cell to the buffer to interleave read/write operations between the read memory and the write memory.

Abstract: Receive and transmit blocks for asynchronous transfer mode (ATM) cell delineation are disclosed. The receive block has a plurality of cell delineation blocks, a memory controller, a memory and a bus controller. The transmit block has a bus controller, a plurality of queue selection devices, a plurality of memory queues and a plurality of cell delineation blocks. According to one implementation, the bus controllers receive address mode/select signals and operate to respond to one of a plurality of subsets of port addresses on the ATM physical layer responsive to the address mode/select signals.

Abstract: A system and method for coupling a local bus to a PCI bus are provided. The system comprises a local bus interface for receiving signals from a microprocessor through a local address/data bus and a local control bus. The system further comprises a bus translator coupled to the local bus interface. The bus translator determines if the microprocessor will access a target peripheral PCI device coupled to the local address/data bus. A PCI control bus interface is coupled to the bus translator and signals the target PCI peripheral device via a PCI control bus, such that the local address/data bus and the PCI control bus define a PCI bus.