System for user-space network packet modification
Abstract
A system for user-space packet modification, including a set of kernel code and a user-level application programming interface (API). The system facilitates creation of a special socket for passing packets between kernel space and user space. The system in turn facilitates creation and application of a packet filter associated with the socket, in order to trap incoming or outgoing packets being processed in the kernel at a designated point in a protocol stack. Once a packet is trapped, it is moved through the socket into user space, thereby at least temporarily preventing the protocol stack from further processing the packet. In user space, an application may operate on the packet, for instance, modifying aspects of the packet or deleting the packet altogether. The system in turn facilitates injection of a packet from user space into kernel space, and into a designated point in the protocol stack for desired stack processing.
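The abstract (and independent claim 1 below) describes a fixed sequence: create a socket between kernel and user space, attach a filter that taps packets at a designated point in the stack, copy each tapped packet to user space and delete it from the kernel path, let an application modify or drop it, then inject the survivor back into the stack at a chosen point. The following Python model, added here as an illustration and not code from the patent or any product, walks a few constructed packets through that sequence. The stack stages, the `PmlSocket`/`PmlFilter` names, the sample addresses and the `b"EVIL"` signature are all assumptions made for the demo; the point it shows that the text does not is how a user-space inspector sees only the tapped traffic, how dropping a packet in user space stops the kernel from ever delivering it, and why an injected packet must bypass the filter at its re-entry stage so it is not tapped in a loop.

```python
"""Model of a user-space packet modification path.

A PML-style socket carries packets tapped at a designated point in the kernel
stack to a user-space handler, which may modify or drop them, and injects the
survivors back into the stack at a chosen point. Every name, stage, address and
payload here is constructed for the illustration; none is the patent's own code.
"""
from collections import deque
from dataclasses import dataclass, field, replace
from typing import Callable, List, Optional

STACK = ["link", "ip", "transport", "socket"]  # processing order of the modelled stack


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes
    stages_done: List[str] = field(default_factory=list)


@dataclass
class PmlFilter:
    tap_stage: str                    # designated point; may sit below the top of the stack
    match: Callable[[Packet], bool]   # which packets to divert to user space


class PmlSocket:
    """Channel between kernel space and user space, modelled as a queue."""
    def __init__(self) -> None:
        self.to_user: deque = deque()
        self.filter: Optional[PmlFilter] = None


class Kernel:
    def __init__(self) -> None:
        self.sockets: List[PmlSocket] = []
        self.delivered: List[Packet] = []   # packets that reached the top of the stack

    def create_pml_socket(self) -> PmlSocket:
        sock = PmlSocket()
        self.sockets.append(sock)
        return sock

    def process(self, pkt: Packet, start: str = "link", injected: bool = False) -> Optional[Packet]:
        """Run pkt through the stack from `start`.

        If a PML filter taps the packet, a copy goes to the socket and the packet is
        removed from the kernel path (None is returned). A packet injected from user
        space skips the filter at its entry stage so it is not tapped a second time.
        """
        for stage in STACK[STACK.index(start):]:
            if not (injected and stage == start):
                for sock in self.sockets:
                    f = sock.filter
                    if f and f.tap_stage == stage and f.match(pkt):
                        sock.to_user.append(replace(pkt, stages_done=list(pkt.stages_done)))
                        return None          # deleted from kernel space: the stack stops here
            pkt.stages_done.append(stage)    # the stage's own processing, simplified
        self.delivered.append(pkt)
        return pkt

    def inject(self, pkt: Packet, at_stage: str) -> Optional[Packet]:
        """Copy a packet from user space into kernel space and resume the stack at at_stage."""
        return self.process(pkt, start=at_stage, injected=True)


SIGNATURE = b"EVIL"   # constructed signature used by the user-space inspector


def user_space_handler(pkt: Packet) -> Optional[Packet]:
    """Inspect a tapped packet: drop on signature match, otherwise rewrite its destination."""
    if SIGNATURE in pkt.payload:
        return None                  # dropped in user space; the kernel never delivers it
    pkt.dst = "10.0.0.1"             # constructed: redirect surviving web traffic to a local proxy
    return pkt


def run_demo() -> dict:
    """Tap port-80 traffic at the ip stage, inspect it in user space, re-inject survivors."""
    kernel = Kernel()
    sock = kernel.create_pml_socket()
    sock.filter = PmlFilter(tap_stage="ip", match=lambda p: p.dport == 80)
    inbound = [                      # constructed sample traffic
        Packet("192.0.2.10", "198.51.100.5", 80, b"GET / HTTP/1.1"),
        Packet("192.0.2.11", "198.51.100.5", 80, b"EVIL payload"),
        Packet("192.0.2.12", "198.51.100.5", 22, b"SSH-2.0-client"),
    ]
    for p in inbound:
        kernel.process(p)
    tapped = dropped = 0
    while sock.to_user:              # the user-space application's read loop
        tapped += 1
        out = user_space_handler(sock.to_user.popleft())
        if out is None:
            dropped += 1
            continue
        kernel.inject(out, at_stage="ip")
    return {"tapped": tapped, "dropped": dropped, "delivered": kernel.delivered}


if __name__ == "__main__":
    result = run_demo()
    print(result["tapped"], "tapped,", result["dropped"], "dropped")
    for p in result["delivered"]:
        print(p.dst, p.dport, p.stages_done)
```

In the demo the SSH packet never touches user space, the benign web packet is delivered with its rewritten destination and a complete stage history, and the packet matching the signature is gone from both spaces. A real implementation has to decide what `injected` means for packets the application itself modifies at the tap point; the model's choice (skip only the filter at the re-entry stage) is the simplest one that avoids re-tapping.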
26 Claims

1. In a computer device of the type having a user space containing a set of application code and a kernel space containing a set of kernel stack code, the kernel stack code including a set of machine language instructions executable by a processor for processing data packets according to a protocol stack, packets being processed through the kernel space by the kernel stack code, a method comprising, in combination:

- creating a PML socket;
- creating a PML packet filter for the PML socket;
- applying the PML packet filter to tap a packet bound for processing by the kernel stack code, copying the packet from kernel space into user space;
- deleting the packet from kernel space to prevent continued processing of the packet by the kernel stack code;
- operating on the packet in user space;
- copying the packet from user space into kernel space; and
- calling a line of the kernel stack code to cause the kernel stack code to process the packet.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12.

the kernel stack code processing the copied packet according to the protocol stack.
8. A method as claimed in claim 1, wherein the steps of copying the packet from kernel space into user space and deleting the packet from kernel space occur after the kernel stack code has begun processing the packet.

9. A method as claimed in claim 1, wherein the step of copying the packet from kernel space into user space occurs after the kernel stack code has begun processing the packet.

10. A method as claimed in claim 1, wherein the step of deleting the packet from kernel space to prevent continued processing of the packet by the kernel stack code occurs after the kernel stack code has begun processing the packet.

11. A method as claimed in claim 1, wherein the step of copying the packet from kernel space into user space occurs at a location other than at the top of the kernel protocol stack.

12. A method as claimed in claim 1, wherein the step of deleting the packet from kernel space to prevent continued processing of the packet by the kernel stack code occurs at a location other than at the top of the kernel protocol stack.
13. In a computer device of the type having a user space containing a set of application code and a kernel space containing a set of kernel stack code, the kernel stack code including a set of machine language instructions executable by a processor for processing data packets according to a protocol stack, a set of computer executable software routines comprising, in combination:

- machine language instructions for creating a PML socket;
- machine language instructions for creating a PML packet filter for the PML socket;
- machine language instructions for applying the PML packet filter to tap a packet bound for processing by the kernel stack code, machine language instructions for copying the packet from kernel space into user space;
- machine language instructions for deleting the packet from kernel space to prevent continued processing of the packet by the kernel stack code;
- machine language instructions for operating on the packet in user space;
- machine language instructions for copying the packet from user space into kernel space; and
- machine language instructions for calling a line of the kernel stack code to cause the kernel stack code to process the packet.

Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26.

a set of machine language instructions for processing the copied packet according to the protocol stack.
19. A set of computer executable software routines as claimed in claim 13, wherein the machine language instructions for (i) applying the PML packet filter to tap a packet bound for processing by the kernel stack code, (ii) copying the packet from kernel space into user space, and (iii) deleting the packet from kernel space are executable by the processor after the kernel stack code has begun processing the packet.

20. A set of computer executable software routines as claimed in claim 13, wherein the machine language instructions for applying the PML packet filter to tap a packet bound for processing by the kernel stack code comprise machine language instructions for applying the PML packet filter to tap a packet bound for processing by the kernel stack code for after the kernel stack code has begun processing the packet.

21. A set of computer executable software routines as claimed in claim 13, wherein the machine language instructions for copying the packet from kernel space into user space comprise the machine language instructions for copying the packet from kernel space into user space after the kernel stack code has begun processing the packet.

22. A set of computer executable software routines as claimed in claim 13, wherein the machine language instructions for applying the PML packet filter to tap a packet bound for processing by the kernel stack code comprise machine language instructions for applying the PML packet filter to tap a packet bound for processing by the kernel stack code at a location other than at the top of the kernel protocol stack.

23. A set of computer executable software routines as claimed in claim 13, wherein the machine language instructions for applying the PML packet filter to tap a packet bound for processing by the kernel stack code comprise machine language instructions for applying the PML packet filter to tap a packet bound for processing by the kernel stack code at a location other than at the top of the kernel protocol stack.

24. A set of computer executable software routines as claimed in claim 13, wherein the machine language instructions for copying the packet from kernel space into user space comprise machine language instructions for copying the packet from kernel space into user space at a location other than at the top of the kernel protocol stack.

25. A set of computer executable software routines as claimed in claim 13, wherein the machine language instructions for deleting the packet from kernel space to prevent continued processing of the packet by the kernel stack code comprise machine language instructions for deleting the packet from kernel space to prevent continued processing of the packet by the kernel stack code at a location other than at the top of the kernel protocol stack.

26. A set of computer executable software routines as claimed in claim 13, wherein machine language instructions for (i) copying the packet from kernel space into user space, (ii) deleting the packet from kernel space to prevent continued processing of the packet by the kernel stack code, (iii) operating on the packet in user space, and (iv) copying the packet from user space into kernel space are maintained in a packet modification library.