Secure receive packet processing for network function virtualization applications
First Claim
1. A system comprising:
- a memory;
one or more processors in communication with the memory; and
an operating system (OS) including a kernel and executing on the one or more processors configured to;
map a receive ring into a first memory of an application, wherein the mapping includes a permission that prevents modification of a plurality of descriptors,map the first memory into a second memory of the kernel, wherein the kernel controls multiple processes, handles interrupts and has privileges to change the mapping of the application, and based on the permission, the application has less privileges than the kernel and is unable to change the mapping,receive a request to rearm the plurality of descriptors, andinitialize the first descriptor of the plurality of descriptors; and
the one or more processors configured to execute a packet processing thread and a rearming thread, which are configured to;
read, by the packet processing thread, a receive ring, whereinthe receive ring includes packets, andthe packets have packet information,retrieve, by the packet processing thread, the packet information within the receive ring,process, by the packet processing thread, the packets,notify, by the packet processing thread, the rearming thread that a batch size limit of a predefined quantity is reached, andresponsive to reaching the predefined quantity, request, by the rearming thread, the OS to rearm the plurality of descriptors.
1 Assignment
0 Petitions
Accused Products
Abstract
A transmit packet processing system includes a memory, one or more processors in communication with the memory, and an operating system. The one or more processors execute a packet processing thread and a rearming thread. The OS maps a receive ring into a first memory of an application and maps the first memory into kernel memory. The packet processing thread reads a receive ring. The packet processing thread retrieves the packet information within the receive ring. The packet processing thread processes the packets. The packet processing thread notifies the rearming thread that a batch size limit is reached and the rearming thread requests the OS to rearm the plurality of descriptors. The OS receives the request and initializes the first descriptor of the plurality of descriptors.
-
Citations
20 Claims
-
1. A system comprising:
-
a memory; one or more processors in communication with the memory; and an operating system (OS) including a kernel and executing on the one or more processors configured to; map a receive ring into a first memory of an application, wherein the mapping includes a permission that prevents modification of a plurality of descriptors, map the first memory into a second memory of the kernel, wherein the kernel controls multiple processes, handles interrupts and has privileges to change the mapping of the application, and based on the permission, the application has less privileges than the kernel and is unable to change the mapping, receive a request to rearm the plurality of descriptors, and initialize the first descriptor of the plurality of descriptors; and the one or more processors configured to execute a packet processing thread and a rearming thread, which are configured to; read, by the packet processing thread, a receive ring, wherein the receive ring includes packets, and the packets have packet information, retrieve, by the packet processing thread, the packet information within the receive ring, process, by the packet processing thread, the packets, notify, by the packet processing thread, the rearming thread that a batch size limit of a predefined quantity is reached, and responsive to reaching the predefined quantity, request, by the rearming thread, the OS to rearm the plurality of descriptors. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method comprising:
-
mapping, by an operating system (OS), a receive ring into a first memory of an application, wherein the mapping includes a permission that prevents modification of a plurality of descriptors; mapping, by the OS, the first memory into a second memory of a kernel, wherein the OS includes the kernel, the kernel controls multiple processes, handles interrupts and has privileges to change the mapping of the application, and based on the permission, the application has less privileges than the kernel and is unable to change the mapping; responsive to reaching a batch size limit of a predefined quantity, receiving, by the OS, a request to rearm the plurality of descriptors by a rearming thread, wherein the rearming thread is notified that the batch size limit of the predefined quantity is reached by a packet processing thread, and the packet processing thread reads and retrieves packet information; and initializing, by the OS, the first descriptor of the plurality of descriptors. - View Dependent Claims (12, 13, 14, 15, 16)
-
-
17. A method comprising:
-
reading, by a packet processing thread, a receive ring, wherein the receive ring is mapped into a first memory of an application, the mapping includes a permission that prevents modification of a plurality of descriptors, the receive ring includes packets, and the packets have packet information; retrieving, by the packet processing thread, the packet information within the receive ring; processing, by the packet processing thread, the packets, wherein the packets are sent through a kernel, the kernel controls multiple processes, handles interrupts and has privileges to change the mapping of the application, and based on the permission, the application has less privileges than the kernel and is unable to change the mapping; notifying, by the packet processing thread, a rearming thread that a batch size limit of a predefined quantity is reached; and responsive to reaching the predefined quantity, requesting, by the rearming thread, an OS to rearm the plurality of descriptors. - View Dependent Claims (18, 19, 20)
-
Specification