Architecture and run-time environment for network filter drivers

Abstract

Filtering data packets in a manner that promotes efficient flow of data through a communication path. A filter stack includes one or more filter instances that may filter data packets that pass through the filter stack. The filter stack is associated with one or more protocol stacks that function in communication paths between a computing device and a network. When filtering instances are inserted to or removed from a filter stack, associated protocol stacks may remain capable of transferring data. An abstract interface facilitates inserting and removing filter instances by passing data to filter drivers that create filter instances. A filter driver may create multiple filter instances. Filtering operations associated with filter instances may be bypassed based on the direction of data flow, control flow, and characteristics of packets.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS [0001] This application is a divisional of U.S. patent application Ser. No. 10 / 020,286, filed Dec. 11, 2001 and entitled “ARCHITECURE AND RUN-TIME ENVIRONMENT FOR NETWORK FILTER DRIVERS” and which is incorporated herein by reference.BACKGROUND OF THE INVENTION [0002] 1. The Field of the Invention [0003] The present invention relates to filtering data packets. More specifically, the present invention relates to systems, methods, and computer program products for an abstract interface to manage insertion of filter instances into a filter stack, removal of filter instances from a filter stack, and bypassing the functionality of a filter instance without disrupting associated protocol stack operations. [0004] 2. Background and Relevant Art [0005] In today's world, a large number of computers are coupled to one another through computer networks, such as the Internet, which allow the computers to exchange data. However, the majority of these compute...

AI Technical Summary

Benefits of technology

[0017] The principles of the present invention provide for efficiently filtering data packets and changing filtering operations. Protocol stacks included in a computing device are associated with a filter stack than may include one or more filter instances. Data packets associated with the protocol stacks pass through the filter instances that may perform filtering operations on the data packets. Filter instances may be inserted into or removed from a filter stack in a manner that reduces the chance of disrupting associated protocol stacks.

[0019] When a filter instance is inserted into the filter stack, a filter driver may receive parameters from the abstract interface. These parameters facilitate configuration of the filter instance to perform filtering operations. Filter instances may be configured to perform different filtering operations based on the characteristics of an input data packet. For example, one filter stack may filter both Internet Protocol (“IP”) and Internetwork Packet Exchange (“IPX”) packets. If appropriate, the parameters may cause the filter instance to perform the same processing regardless of whether data is included in an IP packet or an IPX packet. Also, if appropriate, the parameters may cause the filter instance to perform similar, but somewhat different, processing depending on whether data is included in IP packet or an IPX packet.

[0020] Filtering data packets using a single filter stack for all transports versus one instance per transport may reduce the number of filter instances that are configured and maintained by a computing device. This reduces the chance that a filter stack will be configured with redundant logic and thus also reduces the operational complexity associated with filtering data packets.

[0021] When an abstract interface facilitates insertion of a new filter instance into an operational filter stack, it may first notify associated protocol stacks that the current filter stack is about to be paused. The abstract interface may then pause the filter stack. Pausing the filter stack may involve calling a “pause” module that is associated with each filter instance in the current filter stack. Once all filter instances are paused, a new filter instance may be inserted in the proper location in the filter stack. The abstract interface may then notify all protocols that the filter stack is going to be started and that it includes the functionality of the newly added filter instance. The new filter stack may then be started. This may involve calling a “start” module associated with each filter module in the new filter stack.

[0023] A filter instance may be inserted into the filter stack according to the received parameters. The filter driver may send a status code to the abstract interface, indicating the results of the attempt to insert the filter instance into the filter stack. Through the use of differing filter handles, multiple independent filter instances of the same filter may be installed into a filter stack. All of these operations may be performed in a manner that reduces the likelihood of tearing down associated protocol stacks or resetting associated operating systems.

[0024] During the actual transfer of data, a filter instance may perform some but not all associated internal filtering operations, based on characteristics of an input data packet received by the filter instance. For example, when a filter instance receives an IP packet, it may perform certain filtering operations that are not performed if the filter instance receives an IPX packet. Filter instances may also be configured to operate in “bypass” modes, where a packet completely bypasses a filter instance associated with a communication path, such as a data path or control path. This increases the efficiency of the filtering process as processor resources are not used to performing extraneous filtering operations.

Problems solved by technology

This reduces the chance that a filter stack will be configured with redundant logic and thus also reduces the operational complexity associated with filtering data packets.

Images