Method and apparatus for adding and updating protocol inspection knowledge to firewall processing during runtime
Abstract
A method and apparatus for adding and updating protocol inspection knowledge/information to a firewall system during operation and without interrupting firewall services. The invention allows inspection modules, which contain protocol information, to be added and updated to the system without requiring a service restart of the firewall system.
20 Claims
1. A firewall device for inspecting packets transmitted over a network comprising:
    a) a firewall core connected to each of a plurality of communication interfaces and executing at least one inspection module wherein each at least one inspection module is software code configured to carry out an operation of providing protocol information for a particular protocol to said firewall core; and
    b) a new inspection module inserted into an operating memory of said firewall core during operation of said firewall core wherein said new inspection module is software code configured to carry out an operation of providing protocol inspection for a new particular protocol to said firewall core wherein said new particular protocol is different from each said particular protocol provided by each said at least one inspection module and wherein each said at least one inspection module and new inspection module are each further configured to indicate to said firewall core which protocol for data packets said inspection module is configured to provide inspection.
(Dependent claims 2, 3, 4 not shown.)
5. A firewall core in a firewall system that inspects data packets transmitted over a network comprising:
    a communication unit where said communication unit is operatively coupled to each one of a plurality of communication interfaces connected to said network;
    a set of callback functions, retrieved from each of at least one inspection modules loaded into a memory of said firewall core, each of said set of callback functions provide communication between said firewall core and one of said at least one inspection modules and wherein each said at least one inspection module is software code configured to carry out the operation of providing protocol information and to inspect data packets of a particular protocol; and
    wherein said firewall core monitors said memory to determine when a new inspection module is loaded into said memory wherein said new inspection module is inserted into an operating memory of said firewall core during operation of said firewall core wherein said new inspection module is software code configured to carry out an operation of providing protocol inspection for a new particular protocol to said firewall core wherein said new particular protocol is different from each said particular protocol provided by each said at least one inspection module and wherein each said at least one inspection module and new inspection module are each further configured to indicate to said firewall core which protocol for data packets said inspection module is configured to provide inspection.
(Dependent claims 6, 7, 8 not shown.)
9. An inspection module in a memory of a firewall device comprising software code that inspects packets transmitted over a network in a particular protocol, said inspection module comprising:
    an inspection unit configured to inspect and authorize data packets formatted in a new particular protocol wherein said new particular protocol is different from each said particular protocol provided by other inspection modules in said memory;
    a function table including a set of callback functions wherein said set of callback functions provides communication between said firewall core and said inspection module; and
    wherein said inspection module is loaded into said memory monitored by said firewall core during operation of said firewall device and indicates to said firewall core said new particular protocol for data packets said inspection module is configured to provide inspection.
(Dependent claims 10, 11 not shown.)
12. A method for providing an inspection module for inspecting data packets of a particular protocol to a firewall system during runtime comprising:
    loading a new inspection module into a memory monitored by a firewall core during operation of said firewall system wherein said inspection module comprises software code for an application providing inspections of packets in a new particular protocol wherein said new particular protocol is different from each said particular protocol provided by other inspection modules in said memory;
    communicating said set of callback functions from said inspection module to said firewall core;
    indicating to said firewall core which protocol for data packets said inspection module is configured to provide inspection.
(Dependent claims 13, 14, 15, 16, 17 not shown.)
18. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for adding protocol knowledge to a firewall system during runtime comprising, said firewall system including a firewall core, said method comprising:
    loading a new inspection module into a memory monitored by said firewall core during operation of said firewall system wherein said inspection module comprises software code executable to inspect a data packet of a new particular protocol wherein said new particular protocol is different from each said particular protocol provided by other inspection modules in said memory and indicates to said firewall core said new particular protocol for data packets said inspection module is configured to provide inspection;
    notifying the firewall core said inspection module is loaded into said memory responsive to said loading; and
    communicating a set of callback functions from said inspection module to said firewall core.
(Dependent claims 19, 20 not shown.)
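As an added illustration of the architecture the claims describe (example code, not the patent's or any vendor's implementation): a firewall core monitors a memory region for newly inserted inspection modules, retrieves each module's callback table and the protocol it declares, and dispatches packets by protocol; a packet of a protocol no module covers is dropped until a module for it is loaded, with no restart of the core. The module and core classes, the toy inspection callbacks and the packet bytes are all constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class InspectionModule:
    protocol: str                                   # protocol the module declares to the core
    callbacks: dict = field(default_factory=dict)   # function table the core retrieves

class FirewallCore:
    def __init__(self):
        self.modules = {}   # protocol name -> registered inspection module
        self.memory = []    # region the core monitors for newly inserted modules

    def insert_module(self, mod):
        self.memory.append(mod)   # loader side: module lands in memory while the core runs

    def poll_memory(self):
        """Core side: notice new modules, pull their callback tables, record the
        declared protocol. Returns the protocols registered by this poll."""
        added = []
        while self.memory:
            mod = self.memory.pop(0)
            # Require an inspect callback, and a protocol no loaded module already covers.
            if "inspect" in mod.callbacks and mod.protocol not in self.modules:
                self.modules[mod.protocol] = mod
                added.append(mod.protocol)
        return added

    def handle(self, protocol, payload):
        """Default deny: a protocol no loaded module understands is dropped."""
        mod = self.modules.get(protocol)
        return bool(mod.callbacks["inspect"](payload)) if mod else False

# Constructed toy inspection callbacks, not real protocol parsers.
def http_inspect(payload):   # accept only a well-formed request line
    return payload.startswith((b"GET ", b"POST ")) and b"\r\n" in payload

def dns_inspect(payload):    # a DNS message carries at least a 12-byte header
    return len(payload) >= 12

def runtime_update_demo():
    core = FirewallCore()
    core.insert_module(InspectionModule("http", {"inspect": http_inspect}))
    core.poll_memory()
    dns_query = b"\xab\xcd\x01\x00" + b"\x00" * 8     # constructed 12-byte DNS header
    before = core.handle("dns", dns_query)            # False: no DNS knowledge yet
    core.insert_module(InspectionModule("dns", {"inspect": dns_inspect}))
    core.insert_module(InspectionModule("http", {"inspect": http_inspect}))  # duplicate
    added = core.poll_memory()                        # ["dns"]: duplicate http rejected
    after = core.handle("dns", dns_query)             # True: inspected and authorized
    return before, after, added
```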
Specification