Computerized system and method for handling network traffic
Abstract
Methods and systems for processing network content associated with multiple virtual domains are provided. According to one embodiment, content processing of network traffic associated with multiple virtual domains is performed by a service daemon process initiated within a firewall. The service daemon process handles content processing of network traffic for the virtual domains by aggregating communication channels associated with the virtual domains and by applying to the network traffic an appropriate content processing policy corresponding to a virtual domain with which the network traffic is associated.
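An added sketch (not code from the patent or from any product) of the arrangement the abstract describes: one daemon multiplexes a kernel-to-daemon channel per virtual domain and selects the content policy from an attribute of the channel. The VDOM ids, the dict standing in for the configuration database, the blocked-term policy format and the fail-closed handling of a channel with no policy are assumptions made for illustration.

```python
import selectors
import socket

# Constructed stand-in for the configuration database: VDOM id -> policy.
CONFIG_DB = {
    "vdom-a": {"blocked_terms": [b"malware.test"]},
    "vdom-b": {"blocked_terms": [b"casino.test", b"malware.test"]},
}

class ServiceDaemon:
    """One process serving every virtual domain over aggregated channels."""

    def __init__(self, config_db):
        self.config_db = config_db
        self.sel = selectors.DefaultSelector()

    def open_channel(self, vdom_id):
        """Create a kernel<->daemon channel tagged with its VDOM id."""
        kernel_end, daemon_end = socket.socketpair()
        daemon_end.setblocking(False)
        # The VDOM id is the channel attribute later used for policy lookup.
        self.sel.register(daemon_end, selectors.EVENT_READ, data=vdom_id)
        return kernel_end

    def inspect(self, vdom_id, payload):
        policy = self.config_db.get(vdom_id)
        if policy is None:
            return b"DROP"  # assumption: fail closed when no policy exists
        hit = any(term in payload for term in policy["blocked_terms"])
        return b"DROP" if hit else b"PASS"

    def run_once(self, timeout=1.0):
        """Service every ready channel once; return [(vdom_id, verdict)]."""
        results = []
        for key, _ in self.sel.select(timeout):
            payload = key.fileobj.recv(65535)
            verdict = self.inspect(key.data, payload)
            key.fileobj.sendall(verdict)
            results.append((key.data, verdict.decode()))
        return sorted(results)

def demo():
    daemon = ServiceDaemon(CONFIG_DB)
    # "vdom-x" is deliberately missing from CONFIG_DB.
    chans = {v: daemon.open_channel(v) for v in ("vdom-a", "vdom-b", "vdom-x")}
    for ch in chans.values():
        ch.sendall(b"GET http://casino.test/ HTTP/1.1")  # constructed payload
    results = daemon.run_once()
    return results, {v: ch.recv(16).decode() for v, ch in chans.items()}
```

The same payload passes in one virtual domain and is dropped in another inside a single process, which is why the channel-to-policy binding is the isolation boundary worth reviewing in a design like this.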
14 Citations
14 Claims
1. A method comprising:
initiating a service daemon process within a firewall coupled to a plurality of virtual domains, wherein the service daemon process handles content processing of network traffic for all of the plurality of virtual domains by aggregating communication channels associated with the plurality of virtual domains and by applying to the network traffic an appropriate content processing policy corresponding to a virtual domain of the plurality of virtual domains with which the network traffic is associated;
receiving, by the firewall, a first connection request involving a first network entity of a first virtual domain of the plurality of virtual domains;
establishing a first communication channel for the first virtual domain between a kernel of the firewall and the service daemon process to transfer at least a portion of network traffic for the first virtual domain between the service daemon process and the kernel;
configuring the service daemon process to perform content processing in accordance with a first content processing policy of the first virtual domain;
performing, by the service daemon process, content processing of the transferred network traffic for the first virtual domain based on the first content processing policy;
receiving, by the firewall, a second connection request involving a second network entity of a second virtual domain of the plurality of virtual domains;
establishing a second communication channel for the second virtual domain between the kernel and the service daemon process to transfer at least a portion of network traffic for the second virtual domain between the service daemon process and the kernel;
configuring the service daemon process to perform content processing in accordance with a second content processing policy of the second virtual domain; and
performing, by the service daemon process, content processing of the transferred network traffic for the second virtual domain based on the second content processing policy; and
causing to be retrieved, by the firewall, information regarding the first content processing policy from a configuration database based on an attribute of the first communication channel.
(Dependent claims: 2, 3, 4, 5, 6, 7)
8. A non-transitory computer-readable medium tangibly embodying one or more sequences of instructions, which when executed by one or more processors of a networking device, coupled to a plurality of virtual domains, cause the one or more processors to perform a method comprising:
initiating a service daemon process within the networking device, wherein the service daemon process handles content processing of network traffic for all of the plurality of virtual domains by aggregating communication channels associated with the plurality of virtual domains and by applying to the network traffic an appropriate content processing policy corresponding to a virtual domain of the plurality of virtual domains with which the network traffic is associated;
receiving, by the networking device, a first connection request involving a first network entity of a first virtual domain of the plurality of virtual domains;
establishing a first communication channel for the first virtual domain between a kernel of the networking device and the service daemon process to transfer at least a portion of network traffic for the first virtual domain between the service daemon process and the kernel;
configuring the service daemon process to perform content processing in accordance with a first content processing policy of the first virtual domain;
performing, by the service daemon process, content processing of the transferred network traffic for the first virtual domain based on the first content processing policy;
receiving, by the networking device, a second connection request involving a second network entity of a second virtual domain of the plurality of virtual domains;
establishing a second communication channel for the second virtual domain between the kernel and the service daemon process to transfer at least a portion of network traffic for the second virtual domain between the service daemon process and the kernel;
configuring the service daemon process to perform content processing in accordance with a second content processing policy of the second virtual domain; and
performing, by the service daemon process, content processing of the transferred network traffic for the second virtual domain based on the second content processing policy; and
causing to be retrieved, by the network device, information regarding the first content processing policy from a configuration database based on an attribute of the first communication channel.
(Dependent claims: 9, 10, 11, 12, 13, 14)
Specification