Zero copy packet buffering using shadow sends

摘要

Packets in an intrusion prevention system are inspected by a deep packet inspection engine. A packet may be queued for transmission onto an output queue and transmitted over a network while deep packet inspection is still being performed on the packet. Such simultaneous inspection processing and transmission may be implemented using two ownership bits for the packet, one to indicate “ownership to process” and one to indicate “ownership to send,” instead of the single ownership bit that is used in conventional systems. Furthermore, the packet may be inspected, queued onto the output queue, and transmitted without making a copy of the packet within the deep packet inspection engine. These techniques enable the inspection latency, and therefore the overall transmission latency, of packets to decrease, thereby improving the overall performance of the intrusion prevent system.

主权项

1. A method comprising:
(A) receiving a packet over a network; (B) performing deep packet inspection on the packet; (C) queuing the packet for transmission over a network while deep packet inspection is being performed on the packet; before (B), assigning processing ownership of the packet to deep packet inspection means; before (C), assigning transmission ownership of the packet to output means, wherein (B) comprises performing deep packet inspection on the packet using the deep packet inspection means, and wherein assigning processing ownership of the packet comprises modifying a first value of a first field in the packet and wherein assigning transmission ownership of the packet comprises modifying a second value of a second field in the packet.