Cooperated approach to network packet filtering
US9276875B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Oct 28, 2010 |
| Grant date | Mar 1, 2016 |
| Priority date | — |
| Expiry date | May 8, 2031 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/0245
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
An apparatus, system, method, and machine-readable medium are disclosed. In one embodiment the apparatus is a network interface controller that includes one virtual function owned by a virtual machine present in the computer system. The controller includes a simple filtering agent that is associated with the first virtual function. The agent enforces simple filter rules for received network packets. The simple filter rules are capable of blocking the network packets from reaching the virtual machine. The apparatus also includes another virtual function that is owned by a virtual machine monitor present in the computer system. The controller also includes a side bounce filtering agent to forward the first network packet to the second virtual function if the first packet is blocked by the at least one of the one or more simple filter rules.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.