System, method and computer program product for monitoring and controlling network connections from a supervisory operating system
First Claim
1. A method for monitoring and controlling a networked environment, the method comprising:
receiving, by a network device via a network, a first packet;
receiving, by a network device via a network, a second packet; and
invoking an event handler in response to receiving each of the first packet and the second packet, wherein the event handler is a task of a supervisory operating system, and the event handler is interposed between a network device driver executing on the supervisory operating system and a network client application operating under a secondary operating system, and wherein the event handler performs operations comprising:
examining at least one field of the first packet;
determining, based at least in part on content of the at least one field of the first packet, that the first packet is acceptable;
in response to determining that the first packet is acceptable, passing the first packet to the network client application of the secondary operating system;
examining at least one field of the second packet;
determining, based at least in part on content of the at least one field of the second packet, that the second packet is not acceptable; and
in response to determining that the second packet is not acceptable, not passing the second packet to the network client application of the secondary operating system;
wherein each of the determining that the first packet is acceptable and the determining that the second packet is not acceptable comprises one or more of:
determining whether the first packet or the second packet is destined for a port that has been identified as being a critical port;
determining whether the first packet or the second packet contains a predetermined message;
determining whether the first packet or the second packet was transmitted from a processing system that is a member of a predefined group of processing systems; and
determining whether the first packet or the second packet comprises a perceived security threat,
wherein the supervisory operating system and the secondary operating system execute concurrently on a machine.
4 Assignments
0 Petitions
Abstract
A system, method and computer program product that is designed to support high-availability, rapid fault recovery, out of band condition signaling and/or other quality of service assurances and security in a networked environment. In one aspect, a method of the invention includes the step of providing a processing system with a dual-kernel or multi-kernel software operating system. The operating system includes a supervisory operating system and a secondary operating system that provides network functions to user applications. The method also includes the step of providing a Network Control Software (NCS) in the supervisory operating system. The NCS is configured to transparently monitor and control network operations in the secondary operating system.
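The claims and abstract describe the NCS event handler only by where it sits (a supervisory-OS task between the network device driver and the secondary-OS client application) and by the four tests it may apply: destination port in a list of critical ports, presence of a predetermined message, sender membership in a predefined group, and a perceived security threat. The C program below is an added illustration of such a handler and is not code from the patent or from any product built on it. The critical-port list, the 10.0.0.0/24 group, the "NCS-HEARTBEAT" message, the four-byte 0x90 signature, the way the four tests are combined into a verdict, and the packet builder used to produce sample input are all assumptions made for this example.

```c
/* Added example: a supervisory-OS packet hook in the style of the claimed NCS event
 * handler. All policy values below are hypothetical, not taken from the patent. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { PKT_ACCEPT = 0, PKT_DROP = 1 };

/* Policy inputs: hypothetical values constructed for this example. */
static const uint16_t critical_ports[] = { 22, 5900 };                   /* control-plane ports */
static const uint32_t group_net = 0x0a000000u, group_mask = 0xffffff00u; /* 10.0.0.0/24 */
static const char     control_msg[] = "NCS-HEARTBEAT";                    /* predetermined message */
static const uint8_t  threat_sig[]  = { 0x90, 0x90, 0x90, 0x90 };         /* toy threat signature */

struct pkt_view {                      /* only the fields the handler examines */
    uint8_t proto; uint32_t src_ip; uint16_t dst_port;
    const uint8_t *payload; size_t payload_len;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]; }

/* Parse IPv4 plus TCP headers with bounds checks; 0 means malformed or unsupported. */
static int parse_ipv4_tcp(const uint8_t *buf, size_t len, struct pkt_view *v)
{
    if (len < 20 || (buf[0] >> 4) != 4) return 0;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4, total = rd16(buf + 2), hdr;
    if (ihl < 20 || total < ihl || total > len) return 0;   /* never trust the length fields */
    v->proto = buf[9];
    v->src_ip = rd32(buf + 12);
    if (v->proto != 6 || total - ihl < 20) return 0;         /* TCP only in this example */
    hdr = (size_t)(buf[ihl + 12] >> 4) * 4;                  /* TCP data offset, byte 12 */
    if (hdr < 20 || total - ihl < hdr) return 0;
    v->dst_port = rd16(buf + ihl + 2);
    v->payload = buf + ihl + hdr;
    v->payload_len = total - ihl - hdr;
    return 1;
}

static int is_critical_port(uint16_t port)
{
    for (size_t i = 0; i < sizeof critical_ports / sizeof critical_ports[0]; i++)
        if (critical_ports[i] == port) return 1;
    return 0;
}
static int in_group(uint32_t ip) { return (ip & group_mask) == group_net; }
static int has_control_msg(const struct pkt_view *v)
{
    size_t n = sizeof control_msg - 1;
    return v->payload_len >= n && memcmp(v->payload, control_msg, n) == 0;
}
static int has_threat_sig(const struct pkt_view *v)
{
    for (size_t i = 0; i + sizeof threat_sig <= v->payload_len; i++)
        if (memcmp(v->payload + i, threat_sig, sizeof threat_sig) == 0) return 1;
    return 0;
}

/* The event handler: called once per received packet; the verdict decides whether the
 * packet is passed on to the secondary OS's client application. */
enum verdict ncs_event_handler(const uint8_t *buf, size_t len)
{
    struct pkt_view v;
    if (!parse_ipv4_tcp(buf, len, &v)) return PKT_DROP;                        /* malformed: fail closed */
    if (has_threat_sig(&v)) return PKT_DROP;                                   /* perceived security threat */
    if (is_critical_port(v.dst_port) && !in_group(v.src_ip)) return PKT_DROP; /* critical port, untrusted sender */
    if (has_control_msg(&v) && !in_group(v.src_ip)) return PKT_DROP;          /* control message from outside the group */
    return PKT_ACCEPT;
}

/* Builds a constructed IPv4/TCP packet; checksums stay zero because the policy never reads them. */
size_t build_tcp_packet(uint8_t *out, uint32_t src, uint32_t dst, uint16_t dport, const char *payload)
{
    size_t plen = strlen(payload), total = 40 + plen;
    memset(out, 0, total);
    out[0] = 0x45; out[2] = (uint8_t)(total >> 8); out[3] = (uint8_t)total; out[8] = 64; out[9] = 6;
    for (int i = 0; i < 4; i++) { out[12 + i] = (uint8_t)(src >> (24 - 8 * i)); out[16 + i] = (uint8_t)(dst >> (24 - 8 * i)); }
    out[20] = 0x9c; out[21] = 0x40;                       /* source port 40000 */
    out[22] = (uint8_t)(dport >> 8); out[23] = (uint8_t)dport;
    out[32] = 0x50;                                       /* data offset 5 words, no options */
    memcpy(out + 40, payload, plen);
    return total;
}

/* Build one packet from src to port dport and run it through the handler. */
enum verdict run_case(uint32_t src, uint16_t dport, const char *payload)
{
    uint8_t buf[256];
    if (strlen(payload) > sizeof buf - 40) return PKT_DROP;
    return ncs_event_handler(buf, build_tcp_packet(buf, src, 0x0a000001u, dport, payload));
}

int main(void)
{
    printf("HTTP from a group member     -> %s\n", run_case(0x0a000005u, 80, "GET / HTTP/1.0\r\n") == PKT_ACCEPT ? "pass" : "drop");
    printf("SSH from outside the group   -> %s\n", run_case(0xc0a80109u, 22, "") == PKT_ACCEPT ? "pass" : "drop");
    printf("NOP-sled payload from member -> %s\n", run_case(0x0a000005u, 80, "\x90\x90\x90\x90") == PKT_ACCEPT ? "pass" : "drop");
    return 0;
}
```

Two design points a practitioner would want from such a hook: the parser fails closed, so a packet whose length fields disagree with what the driver actually delivered is never forwarded, and membership in the trusted group is the gate for both the critical-port test and the predetermined-message test, so an outside host can neither reach the control-plane ports nor inject the out-of-band signalling message. In a real dual-kernel deployment the handler would run in the driver's receive path before the buffer is queued to the secondary OS; source-address checks of this kind are only as strong as the anti-spoofing in front of the device.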
57 Citations
34 Claims
1. A method for monitoring and controlling a networked environment (text as recited under First Claim above).
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 28, 31
9. A network control system for monitoring and controlling a networked environment, the system comprising:
a network device configured to communicate with a network via a communications medium and configured to receive a first and a second packet, the first packet and the second packet transmitted using the communications medium;
a supervisory operating system;
a secondary operating system, wherein the supervisory operating system and the secondary operating system execute concurrently on a machine;
a network device driver configured to execute on the supervisory operating system;
a network client application configured to run as a task of the secondary operating system; and
a network control software application, interposed between the network device driver and the network client application, and configured to run as a task of the supervisory operating system and configured to:
examine at least one field of the first packet received by the network device;
determine, based at least in part on content of the at least one field of the first packet, that the first packet is acceptable;
in response to determining that the first packet is acceptable, pass the first packet to the network client application of the secondary operating system;
examine at least one field of the second packet received by the network device;
determine, based at least in part on content of the at least one field of the second packet, that the second packet is not acceptable; and
in response to determining that the second packet is not acceptable, not pass the second packet to the network client application of the secondary operating system;
wherein each of the determining that the first packet is acceptable and the determining that the second packet is not acceptable comprises one or more of:
determining whether the first packet or the second packet is destined for a port that has been identified as being a critical port;
determining whether the first packet or the second packet contains a predetermined message;
determining whether the first packet or the second packet was transmitted from a processing system that is a member of a predefined group of processing systems; and
determining whether the first packet or the second packet comprises a perceived security threat.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 18, 29, 32
19. A computer-readable device, storing instructions that, when executed by a computing system, cause the computing system to perform operations comprising:
receiving a first packet and a second packet that each were received by a network device via a network; and
invoking an event handler in response to receiving each of the first packet and the second packet, wherein the event handler is a task of a supervisory operating system, the event handler is interposed between a network device driver executing on the supervisory operating system and a network client application operating under a secondary operating system, and wherein the event handler performs operations comprising:
examining at least one field of the first packet;
determining, based at least in part on content of the at least one field of the first packet, that the first packet is acceptable;
in response to determining that the first packet is acceptable, passing the first packet to the network client application of the secondary operating system;
examining at least one field of the second packet;
determining, based at least in part on content of the at least one field of the second packet, that the second packet is not acceptable; and
in response to determining that the second packet is not acceptable, not passing the second packet to the network client application of the secondary operating system;
wherein each of the determining that the first packet is acceptable and the determining that the second packet is not acceptable comprises one or more of:
determining whether the first packet or the second packet is destined for a port that has been identified as being a critical port;
determining whether the first packet or the second packet contains a predetermined message;
determining whether the first packet or the second packet was transmitted from a processing system that is a member of a predefined group of processing systems; and
determining whether the first packet or the second packet comprises a perceived security threat,
wherein the supervisory operating system and the secondary operating system execute concurrently on a machine.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 30, 33, 34
Specification