Abstract: As Internet packet flow increases, the demand for high speed packet filtering has grown. The present invention introduces several methods for a high-speed rule processing. The methods are geared towards Internet Protocol (IP) packet processing.

Abstract: A high-speed parallel pattern searching system is disclosed. The high-speed parallel pattern searching system allows the body of a data packet to be searched for one or more patterns such as a string or a series of strings. These string patterns can be defined by the grammar of regular expressions. In the invention, one or more patterns are loaded into one or more nanocomputers that operate in parallel. A control system then feeds a packet body into the participating nanocomputers such that each participating nanocomputer tests for a match. The various tests performed by the nanocomputers may be combined to perform complex searches. These nanocomputer searches are performed in parallel. Furthermore, several different searches may be combined together using control statements. A combination of these searches engines can be supported such that data is also looked at in parallel.

Abstract: A method and apparatus for performing network address translation is disclosed. The method generates statistically unique port number for each outgoing connection. The statistically unique port numbers are formed from a subset of bits from the source node's IP address and a subset of bits from the port number assigned by the source node. The statistically unique port number is used as an index into a table containing connection information. When a statistically unique port number fails to be absolutely unique, the method uses a secondary fallback system that generates a unique port number by using sequential numbering system. The information about the connections using unique port numbers that were generated sequentially is stored in a secondary connection table. The secondary connection table is organized as a Patricia tree.