Computerized system and method for handling network traffic
First Claim
1. A computer-implemented method for handling network traffic for a plurality of virtual domains, the method comprising:
a. defining a plurality of network interfaces of a networking device coupled to a configuration server via a firewall and a service daemon process, each of the plurality of network interfaces corresponding to a virtual domain of the plurality of virtual domains;
b. storing virtual domain state information for the plurality of virtual domains in a virtual domain state data structure;
c. initiating a service process within the networking device that is to handle network traffic based on a predetermined policy;
d. assigning a variable with the service process, the variable pointing to an instance of the virtual domain state data structure, the instance comprising information regarding a state of the virtual domain;
e. in response to a connection request involving a network entity for a virtual domain of the plurality of virtual domains, opening a communication channel between the service process and a kernel of an operating system of the networking device;
f. using the opened communication channel to transfer at least a portion of network traffic for the virtual domain between the service process and the kernel; and
g. handling the transferred network traffic in the service process based on the predetermined policy.
Abstract
A computerized system and method for processing network content associated with multiple virtual domains. The processing may include anti-malware scanning and/or content filtering. The content associated with multiple domains may be processed in the same daemon process. In response to connection requests from virtual domains, the service process creates separate sockets to communicate with each virtual domain. A global configuration management module is used to provide configuration parameters for each session to the service process. A logging manager processes both the global logs and the logs from each virtual domain. Alternatively, the service process may initiate other service processes to handle incoming connections from one or more virtual domains, in order to better utilize resources in a multiple-CPU environment. Different service processes may be used to handle various aspects of content processes, for example one process may handle anti-malware scanning, while another process may handle content filtering.
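As an added illustration, not code from the patent or from the page, the following Python sketch models the architecture the abstract describes: one service daemon serving several virtual domains, each connection bound to its own virtual domain state instance, with per-domain policy and both global and per-domain logging. The class names, the POLICIES configuration and the host and payload values are constructed for the example; the security point is that a verdict is always computed under the policy of the virtual domain the connection belongs to, and an unknown domain is refused rather than given a default policy.

```python
from dataclasses import dataclass, field

@dataclass
class VdomState:  # stand-in for the claim's "virtual domain state data structure"
    name: str
    blocked_hosts: set   # content-filter rules for this VDOM only
    signatures: set      # anti-malware patterns for this VDOM only
    log: list = field(default_factory=list)   # this VDOM's own log

class ServiceDaemon:
    """One daemon for all VDOMs. Every connection is bound to exactly one
    VdomState, so VDOM A's traffic is never judged under VDOM B's policy."""
    def __init__(self, config_server):
        self.config_server = config_server   # global configuration module
        self.states = {}                     # one VdomState per VDOM
        self.global_log = []                 # logging manager's global log

    def open_channel(self, vdom):
        # Stands in for opening the per-connection channel to the kernel; the
        # variable the connection carries points at this VDOM's state instance.
        if vdom not in self.states:
            p = self.config_server[vdom]     # unknown VDOM -> KeyError, no default
            self.states[vdom] = VdomState(vdom, set(p["blocked_hosts"]), set(p["signatures"]))
        return self.states[vdom]

    def handle(self, vdom, host, payload):
        state = self.open_channel(vdom)
        if host in state.blocked_hosts:
            verdict = "blocked"
        elif any(sig in payload for sig in state.signatures):
            verdict = "malware"
        else:
            verdict = "allowed"
        self.global_log.append((vdom, verdict, host))   # global log ...
        state.log.append((verdict, host))               # ... and the VDOM's own log
        return verdict

# Constructed sample configuration: the two VDOMs have different policies.
POLICIES = {
    "vdom-a": {"blocked_hosts": {"ads.example"}, "signatures": {b"EVIL"}},
    "vdom-b": {"blocked_hosts": set(), "signatures": set()},
}

def demo():
    """Same hosts and payloads through both VDOMs: only VDOM A's rules fire."""
    daemon = ServiceDaemon(POLICIES)
    flows = [("vdom-a", "ads.example", b"hi"), ("vdom-b", "ads.example", b"hi"),
             ("vdom-a", "cdn.example", b"..EVIL.."), ("vdom-b", "cdn.example", b"..EVIL..")]
    return [daemon.handle(*f) for f in flows], daemon
```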
39 Claims
1. A computer-implemented method for handling network traffic for a plurality of virtual domains (independent claim; set out in full under First Claim above). Dependent claims: 2 to 22.
23. A computerized firewall system for handling network traffic for a plurality of virtual domains, the firewall system comprising:
a. a plurality of network interfaces coupled to a configuration server via a firewall and a service daemon process, each of the network interfaces of the plurality of network interfaces corresponding to a virtual domain of the plurality of virtual domains;
b. storing virtual domain state information for the plurality of virtual domains in a virtual domain state data structure;
c. a central processing unit (CPU) executing a kernel and a service process to handle network traffic based on a predetermined policy;
in response to a connection request involving a network entity for a virtual domain of the plurality of virtual domains, the CPU:
i. opens a communication channel between the service process and the kernel;
ii. uses the opened communication channel to transfer network traffic for the virtual domain between the service process and the kernel;
iii. handles the transferred network traffic in the service process based on the predetermined policy; and
iv. assigns a variable with the service process, the variable pointing to an instance of the virtual domain state data structure, the instance comprising information regarding a state of the virtual domain.
24. A computerized system for handling network traffic for a plurality of virtual domains, the system comprising:
a. a firewall comprising:
i. a plurality of network interfaces coupled to a configuration server via a firewall and a service daemon process, each of the plurality of network interfaces corresponding to a virtual domain of the plurality of virtual domains;
ii. storing virtual domain state information for the plurality of virtual domains in a virtual domain state data structure; and
iii. a processing unit executing a kernel and a service process to handle network traffic based on a predetermined policy;
in response to a connection request involving a network entity for a virtual domain of the plurality of virtual domains, the processing unit:
i. opens a communication channel between the service process and the kernel;
ii. uses the opened communication channel to transfer network traffic for the virtual domain between the service process and the kernel;
iii. handles the transferred network traffic in the service process based on the predetermined policy; and
iv. assigns a variable with the service process, the variable pointing to an instance of the virtual domain state data structure, the instance comprising information regarding a state of the virtual domain;
c. a configuration server to provide configuration information to the service process in response to a configuration request from the service process; and
d. a log server to log information in response to a logging request from the service process.
Dependent claims: 25 to 38.
39. A non-transitory computer-readable medium embodying one or more sequences of instructions which, when executed by one or more processors of a networking device, cause the one or more processors to perform a method comprising:
a. defining a plurality of network interfaces of the networking device coupled to a configuration server via a firewall and a service daemon process, each of the network interfaces of the plurality of network interfaces corresponding to a virtual domain of the plurality of virtual domains;
b. storing virtual domain state information for the plurality of virtual domains in a virtual domain state data structure;
c. initiating a service process within the networking device to handle network traffic based on a predetermined policy;
d. assigning a variable with the service process, the variable pointing to an instance of the virtual domain state data structure, the instance comprising information regarding a state of the virtual domain;
e. in response to a connection request involving a network entity for a virtual domain of the plurality of virtual domains, opening a communication channel between the service process and a kernel of an operating system of the networking device;
f. using the opened communication channel to transfer network traffic for the virtual domain between the service process and the kernel; and
g. handling the transferred network content in the service process based on the predetermined policy.