摘要 |
A traffic inspection and filtering system (100) monitors traffic across a protected interface. In the case of monitoring incoming traffic, the incoming packets (102) are directed via a mandatory path (104) to a packet capture process (106) associated with a kernel (110) of an operating system. The packets are then stored in shared memory (112) of the kernel (112) for access by a user space application (108) that makes a filtering decision without requiring copying of the packet to user space and back.
|