主权项 |
1. A method comprising:
running a first network security application on a first central processing unit (CPU) of a plurality of CPUs of a host processor of a network security appliance; running a second network security application on a second CPU of the plurality of CPUs; defining, by a network Input/Output (I/O) device of the network security appliance, a first direct cache access (DCA) control for a first I/O device queue of a plurality of I/O device queues of the network I/O device corresponding to the first CPU, wherein the first DCA control is indicative of a first set of one or more portions of a packet queued on the first I/O device queue that are to be copied to a cache of the first CPU responsive to transfer of the packet queued on the first I/O device queue to a portion of a host memory of the host processor accessible to the first CPU; defining, by the network Input/Output (I/O) device, a second DCA control for a second I/O device queue of the plurality of I/O device queues corresponding to the second CPU, wherein the second DCA control is indicative of a second set of one or more portions of a packet queued on the second I/O device queue that are to be copied to a cache of the second CPU responsive to transfer of the packet queued on the second I/O device queue to a portion of the host memory accessible to the second CPU; receiving, by the network I/O device, an incoming packet; identifying, by the network I/O device, boundaries of portions of the incoming packet by parsing the incoming packet; and causing appropriate portions of the incoming packet to be processed in parallel by the first network security application and the second network security application by:
queuing, by the network I/O device, the incoming packet on the first I/O device queue;queuing, by the network I/O device, the incoming packet on the second I/O device queue;transferring, by a host controller associated with the host memory, the incoming packet from the first I/O device queue to the portion of the host memory accessible to the first CPU;transferring, by the host controller, the incoming packet from the second I/O device queue to the portion of the host memory accessible to the second CPU;copying, by the host controller, the first set of one or more portions of the incoming packet to the cache of the first CPU; andcopying, by the host controller, the second set of one or more portions of the incoming packet to the cache of the second CPU. |