Method and apparatus for adding and updating protocol inspection knowledge to firewall processing during runtime

US 7,188,363 B1
Filed: 02/14/2000
Issued: 03/06/2007
Est. Priority Date: 02/14/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A firewall device for inspecting packets transmitted over a network comprising:

a) a firewall core connected to each of a plurality of communication interfaces and executing at least one inspection module wherein each at least one inspection module is software code configured to carry out an operation of providing protocol information for a particular protocol to said firewall core; and

b) a new inspection module inserted into an operating memory of said firewall core during operation of said firewall core wherein said new inspection module is software code configured to carry out an operation of providing protocol inspection for a new particular protocol to said firewall core wherein said new particular protocol is different from each said particular protocol provided by each said at least one inspection module and wherein each said at least one inspection module and new inspection module are each further configured to indicate to said firewall core which protocol for data packets said inspection module is configured to provide inspection.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for adding and updating protocol inspection knowledge/information to a firewall system during operation and without interrupting firewall services. The invention allows inspection modules, which contain protocol information, to be added and updated to the system without requiring a service restart of the firewall system.

23 Citations

View as Search Results

20 Claims

1. A firewall device for inspecting packets transmitted over a network comprising:
- a) a firewall core connected to each of a plurality of communication interfaces and executing at least one inspection module wherein each at least one inspection module is software code configured to carry out an operation of providing protocol information for a particular protocol to said firewall core; and
  
  b) a new inspection module inserted into an operating memory of said firewall core during operation of said firewall core wherein said new inspection module is software code configured to carry out an operation of providing protocol inspection for a new particular protocol to said firewall core wherein said new particular protocol is different from each said particular protocol provided by each said at least one inspection module and wherein each said at least one inspection module and new inspection module are each further configured to indicate to said firewall core which protocol for data packets said inspection module is configured to provide inspection.
- View Dependent Claims (2, 3, 4)
- - 2. The firewall device of claim 1, wherein said firewall core is configured to monitor said operating memory for said new inspection module.
  - 3. The firewall device of claim 1, wherein each said at least one inspection module and said new inspection module each further comprise a plurality of callback functions, said plurality of callback functions communicated to said firewall core and providing communication between said firewall core and said at least one inspection module.
  - 4. The firewall device of claim 1, wherein each data packet intercepted by said firewall core further includes session information comprising address and port data, said firewall core further configured to map said session information for each said data packet to one of said at least one inspection modules and said new inspection module.

5. A firewall core in a firewall system that inspects data packets transmitted over a network comprising:
- a communication unit where said communication unit is operatively coupled to each one of a plurality of communication interfaces connected to said network;
  
  a set of callback functions, retrieved from each of at least one inspection modules loaded into a memory of said firewall core, each of said set of callback functions provide communication between said firewall core and one of said at least one inspection modules and wherein each said at least one inspection module is software code configured to carry out the operation of providing protocol information and to inspect data packets of a particular protocol;
  
  and wherein said firewall core monitors said memory to determine when a new inspection module is loaded into said memory wherein said in new inspection module is inserted into an operating memory of said firewall core during operation of said firewall core wherein said new inspection module is software code configured to carry out an operation of providing protocol inspection for a new particular protocol to said firewall core wherein said new particular protocol is different from each said particular protocol provided by each said at least one inspection module and wherein each said at least one inspection module and new inspection module are each further configured to indicate to said firewall core which protocol for data packets said inspection module is configured to provide inspection.
- View Dependent Claims (6, 7, 8)
- - 6. The firewall core of claim 5, wherein said communication unit is further configured to intercept network data communicated via each of said plurality of communication interfaces.
  - 7. The firewall core of claim 5, further comprising a session mapping unit, said data packets intercepted by said firewall core further including session information comprising address and port data, said session mapping unit further configured to map said session information to a corresponding one of said at least one inspection modules providing inspection for said protocol of said packet into a session mapping and store said session mapping into said session mapping unit.
  - 8. The firewall core of claim 7, wherein said communication unit is further configured to communicate a packet between said communication interfaces and one of said at least one inspection modules.

9. An inspection module in a memory of a firewall device comprising software code that inspects packets transmitted over a network in a particular protocol, said inspection module comprising:
- an inspection unit configured to inspect and authorize data packets formatted in a new particular protocol wherein said new particular protocol is different from each said particular protocol provided by other inspection modules in said memory;
  
  a function table including a set of callback functions wherein said set if callback functions provides communication between said firewall core and said inspection module; and
  
  wherein said inspection module is loaded into said memory monitored by said firewall core during operation of said firewall device and indicates to said firewall core said new particular protocol for data packets said inspection module is configured to provide inspection.
- View Dependent Claims (10, 11)
- - 10. The inspection module of claim 9, wherein said inspection module is further configured to indicate to said firewall core for said protocol for data packets to be inspected by said inspection module.
  - 11. The inspection module of claim 9, where in said inspection unit is further configured to receive and inspect packets communicated from the firewall core to said inspection module.

12. A method for providing an inspection module for inspecting data packets of a particular protocol to a firewall system during runtime comprising:
- loading a new inspection module into a memory monitored by a firewall core during operation of said firewall system wherein said inspection module comprises software code for an application providing inspections of packets in a new particular protocol wherein said new particular protocol is different from each said particular protocol provided by other inspection modules in said memory;
  
  communicating said set of callback functions from said inspection module to said firewall core;
  
  indicating to said firewall core which protocol for data packets said inspection module is configured to provide inspection.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method of claim 12, further comprising enabling said inspection module, prior to communicating said set of callback function to said firewall core.
  - 14. The method of claim 12 further comprising inspecting of packets of said particular protocol by said inspection module, said packets communicated from the firewall core to said inspection module.
  - 15. The method of claim 12 wherein said step of notifying the firewall core comprises:
    - transmitting a signal to the firewall core to indicate the installation of said inspection module.
  - 16. The program storage device of claim 12, wherein said step of notifying the firewall core comprises:
    - transmitting a signal to the firewall core to indicate the loading of said inspection module.
  - 17. The program storage device of claim 12, said method further comprising:
    - indicating by said inspection module said particular protocol of data packets that said inspection module inspects.

18. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for adding protocol knowledge to a firewall system during runtime comprising, said firewall system including a firewall core, said method comprising:
- loading a new inspection module into a memory monitored by said firewall core during operation of said firewall system wherein said inspection module comprises software code executable to inspect a data packet of a new particular protocol wherein said new particular protocol is different from each said particular protocol provided by other inspection modules in said memory and indicates to said firewall core said new particular protocol for data packets said inspection module is configured to provide inspection notifying the firewall core said inspection module is loaded into said memory responsive to said loading;
  
  and communicating a set of callback functions from said inspection module to said firewall core.
- View Dependent Claims (19, 20)
- - 19. The program storage device of claim 18, said method further comprising:
    - enabling said inspection module prior to communicating said set of callback functions to said firewall core.
  - 20. The program storage device of claim 18, said method further comprising:
    - inspecting of packets by said inspection module, said packets communicated from the firewall core to said inspection module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Boutros, Sami, Truong, Steve H.
Primary Examiner(s)
Vu; Kim
Assistant Examiner(s)
KLIMACH, PAULA W

Application Number

US09/504,005
Time in Patent Office

2,577 Days
Field of Search

713/200, 713/159, 713/167, 713/165, 713/202, 713/151, 713/164, 713/201, 709223-225, 709/227, 709/229, 717/176, 717/170, 726/11, 726 13- 14
US Class Current

726/13
CPC Class Codes

H04L 63/02 for separating internal fro...

H04L 67/34 involving the movement of s...

Method and apparatus for adding and updating protocol inspection knowledge to firewall processing during runtime

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for adding and updating protocol inspection knowledge to firewall processing during runtime

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links