主权项 |
1. A computer-implemented method, comprising:
receiving, by an inspection module running within a kernel layer of a first host computer, one or more packets of a flow of packets from a source to a destination, wherein the source or the destination is a first virtual machine running on the first host computer; determining, by the inspection module, from a comparison of the content of the one or more packets to a policy while or after the a copy of the one or more packets are forwarded to the destination, that the flow of packets triggers a policy response; and performing, by the inspection module, the policy response in response to said determination, wherein the policy response has an impact on the flow of packets to or from the first virtual machine. |