Patent · US Active

Packet validation in virtual network interface architecture

US7634584B2 · kind B2 · utility

Cited by: 26
References: 15
Claims: 18
Family size: 0

Assignee

Inventors

Key dates

Filing date: Apr 27, 2005
Grant date: Dec 15, 2009
Priority date
Expiry date: Nov 18, 2026

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/10
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Roughly described, a network interface device receiving data packets from a computing device for transmission onto a network, the data packets having a certain characteristic, transmits the packet only if the sending queue has authority to send packets having that characteristic. The data packet characteristics can include transport protocol number, source and destination port numbers, source and destination IP addresses, for example. Authorizations can be programmed into the NIC by a kernel routine upon establishment of the transmit queue, based on the privilege level of the process for which the queue is being established. In this way, a user process can use an untrusted user-level protocol stack to initiate data transmission onto the network, while the NIC protects the remainder of the system or network from certain kinds of compromise.
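The following sketch illustrates the per-queue transmit check the abstract describes. It is an added example, not code from the patent or any NIC vendor, and it narrows the idea to IPv4 with three characteristics (protocol number, source address, source port). The names `tx_auth`, `tx_allowed` and `check_sample` are hypothetical, and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical per-queue authorization, written by the kernel at queue setup.
 * The user-level stack that fills the queue cannot modify it. */
struct tx_auth {
    uint8_t  proto;     /* permitted IP protocol number (6 = TCP, 17 = UDP) */
    uint32_t src_ip;    /* permitted source IPv4 address, host byte order */
    uint16_t src_port;  /* permitted source port, host byte order */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/* Returns 1 if the IPv4 packet (starting at the IP header) may leave on this
 * queue, 0 if it must be dropped. Anything that cannot be parsed is dropped. */
int tx_allowed(const struct tx_auth *q, const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;  /* too short or not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 4) return 0;       /* bad IHL or ports missing */
    if (rd16(pkt + 6) & 0x1fff) return 0;          /* later fragment: no L4 header */
    if (pkt[9] != q->proto) return 0;              /* transport protocol number */
    if (rd32(pkt + 12) != q->src_ip) return 0;     /* source address (anti-spoof) */
    return rd16(pkt + ihl) == q->src_port;         /* TCP/UDP source port */
}

/* Constructed sample: UDP from 10.0.0.5:5000 to 10.0.0.9:53. */
static const uint8_t sample_pkt[28] = {
    0x45, 0, 0, 28,  0, 0, 0, 0,  64, 17, 0, 0,
    10, 0, 0, 5,  10, 0, 0, 9,
    0x13, 0x88,  0, 53,  0, 8,  0, 0
};

int check_sample(const struct tx_auth *q)
{
    return tx_allowed(q, sample_pkt, sizeof sample_pkt);
}
```

The check fails closed: truncated headers and non-first fragments are dropped because the port fields it would need to validate are not present.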

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.