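IPC classification information
Country / Type | United States (US) Patent, Registered
International Patent Classification (IPC 7th edition) |
Application number | US-0284058 (2011-10-28)
Registration number | US-8327431 (2012-12-04)
Inventor / Address |
Applicant / Address |
Agent / Address |
Citation information | Times cited: 17; Cited patents: 13
Abstract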
A method for processing packets in a computer undergoing transitioning from a first configuration of a firewall to a second configuration of the firewall is disclosed. Packets arriving in the computer are associated with the first configuration of the firewall existing in the computer, and after a second configuration of the firewall becomes available, the computer starts associating packets arriving in the computer with the second configuration of the firewall, and processing packets associated with the second configuration according to the second configuration of the firewall, while continuing processing the packets associated with the first configuration according to the first configuration of the firewall until all packets associated with the first configuration are processed. Packets are processed by a plurality of firewall processing modules asynchronously. First and second reference counts, counting numbers of packets processed according to respective firewall configuration are conveniently introduced. A corresponding system is also provided.
Representative claims
1. A method for processing packets in a computer undergoing transitioning from a first configuration of a firewall to a second configuration of the firewall, the method comprising: (1) associating packets arriving in the computer with the first configuration of the firewall existing in the computer; (2) providing the second configuration of the firewall, comprising starting associating packets arriving in the computer with the second configuration of the firewall after the second configuration becomes available; and (3) by a hardware processor, processing the packets associated with the second configuration according to the second configuration of the firewall, while continuing processing the packets associated with the first configuration according to the first configuration of the firewall until all packets associated with the first configuration are processed.

2. The method of claim 1, wherein the step (3) comprises processing the packets, respectively associated with the first configuration and the second configuration, asynchronously, by a plurality of firewall processing modules, a function of each firewall processing module being defined by the respective configuration of the firewall.

3. The method of claim 1, further comprising introducing a first reference count and a second reference count, counting corresponding numbers of packets being processed by the firewall according to the first configuration and the second configuration respectively.

4. The method of claim 1, wherein: the step (1) comprises generating a first configuration object representing the first configuration of the firewall; and the step (2) comprises generating a second configuration object representing the second configuration of the firewall.

5. The method of claim 4, further comprising: for each packet, generating a respective packet object representing the packet; and associating the respective packet object with respective first or second configuration object.

6. The method of claim 1, wherein: the step (1) further comprises associating packets outgoing from the computer with the first configuration of the firewall existing in the computer; and the step (2) comprises starting associating packets outgoing from the computer with the second configuration of the firewall after the second configuration becomes available.

7. The method of claim 4, wherein the first configuration object and the second configuration object include elements selected from the group consisting of: a sequence number, a pointer to another configuration object, and a pointer to a configuration binary structure.

8. The method of claim 5, wherein said packet object includes elements selected from the group consisting of: an Access flag, an Ethernet header pointer, an IP (Internet Protocol) header pointer, a transport header pointer, and a configuration object pointer.

9. The method of claim 5, further comprising one or more of the following: providing a configuration object pointer on said packet object for referencing the respective first or second configuration object; or providing at least two pointers on said packet object for referencing a data section and a header section of said packet.

10. The method of claim 4, wherein the first configuration and the second configuration are represented as corresponding binary blobs.

11. A non-transitory computer readable storage medium, comprising computer code instructions stored thereon for execution by a computer, causing the computer to perform steps of a method for processing packets in a computer undergoing transitioning from a first configuration of a firewall to a second configuration of the firewall, comprising: (1) associating packets arriving in the computer with the first configuration of the firewall existing in the computer; (2) providing the second configuration of the firewall, comprising starting associating packets arriving in the computer with the second configuration of the firewall after the second configuration becomes available; and (3) by a hardware processor, processing the packets associated with the second configuration according to the second configuration of the firewall, while continuing processing the packets associated with the first configuration according to the first configuration of the firewall until all packets associated with the first configuration are processed.

12. A system for processing packets in a computer undergoing transitioning from a first configuration of a firewall to a second configuration of the firewall, the system comprising: a processor and a non-transitory computer readable storage medium having computer readable instructions stored thereon for execution by the processor, causing the processor to: (1) associate packets arriving in the computer with the first configuration of the firewall existing in the computer; (2) provide the second configuration of the firewall, comprising starting associating packets arriving in the computer with the second configuration of the firewall after the second configuration becomes available; and (3) process the packets associated with the second configuration according to the second configuration of the firewall, while continuing processing the packets associated with the first configuration according to the first configuration of the firewall until all packets associated with the first configuration are processed.

13. The system of claim 12, wherein the computer readable instructions further cause the processor to process the packets, respectively associated with the first configuration and the second configuration, asynchronously, by a plurality of firewall processing modules, a function of each firewall processing module being defined by the respective configuration of the firewall.

14. The system of claim 12, wherein the computer readable instructions further cause the processor to introduce a first reference count and a second reference count, counting corresponding numbers of packets being processed by the firewall according to the first configuration and the second configuration respectively.

15. The system of claim 12, the computer readable instructions further cause the processor to: generate a first configuration object representing the first configuration of the firewall; and generate a second configuration object representing the second configuration of the firewall.

16. The system of claim 15, wherein the computer readable instructions further cause the processor to: for each packet, generate a respective packet object representing the packet; and associate the respective packet object with respective first or second configuration object.

17. The system of claim 12, wherein the computer readable instructions further cause the processor to: associate packets outgoing from the computer with the first configuration of the firewall existing in the computer; and start associating packets outgoing from the computer with the second configuration of the firewall after the second configuration becomes available.

18. The system of claim 15, wherein the first configuration object and the second configuration object include elements selected from the group consisting of: a sequence number, a pointer to another configuration object, and a pointer to a configuration binary structure.

19. The system of claim 16, wherein said packet object includes elements selected from the group consisting of: an Access flag, an Ethernet header pointer, an IP (Internet Protocol) header pointer, a transport header pointer, and a configuration object pointer.

20. The system of claim 16, the computer readable instructions further cause the processor to: provide a configuration object pointer on said packet object for referencing the respective first or second configuration object; or provide at least two pointers on said packet object for referencing a data section and a header section of said packet.

21. The system of claim 15, wherein the first configuration and the second configuration are represented as respective binary blobs.
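The transition described in the abstract and in claims 1, 3 to 5 and 7, modelled in C as an added example; it is not code from the patent or from this page. The function names, the two-byte blob format and the single-threaded model are assumptions; asynchronous processing modules would need atomic counts or a lock around the same logic.

```c
#include <stdio.h>
#include <stdlib.h>
struct fw_config {              /* claim 7 elements plus the claim 3 reference count */
    unsigned seq;               /* sequence number */
    struct fw_config *next;     /* pointer to another (newer) configuration object */
    const unsigned char *blob;  /* configuration binary structure */
    unsigned refcount;          /* packets still being processed under this config */
    int retired;                /* set once a newer configuration is live */
};
struct packet { unsigned short dport; struct fw_config *cfg; }; /* cfg: claim 5 link */
static struct fw_config *current_cfg;
unsigned configs_freed;         /* demo instrumentation */
static void cfg_release(struct fw_config *c) {
    if (c->retired && c->refcount == 0) { free(c); configs_freed++; }
}
/* Step (2): the new configuration goes live; the old one is retired, not torn down. */
unsigned fw_install(const unsigned char *blob) {
    struct fw_config *old = current_cfg, *c = calloc(1, sizeof *c);
    if (!c) abort();
    c->seq = old ? old->seq + 1 : 1; c->blob = blob;
    current_cfg = c;
    if (old) { old->next = c; old->retired = 1; cfg_release(old); }
    return c->seq;
}
/* Step (1): bind the packet to whichever configuration is live on arrival. */
void pkt_arrive(struct packet *p, unsigned short dport) {
    p->dport = dport;
    p->cfg = current_cfg;       /* a configuration must already be installed */
    p->cfg->refcount++;
}
/* Step (3): verdict under the packet's own configuration; 1 = allow, 0 = drop. */
int pkt_process(struct packet *p) {
    struct fw_config *c = p->cfg;
    /* Constructed blob format: two bytes, big-endian, the single allowed port. */
    int allow = p->dport == (unsigned short)((c->blob[0] << 8) | c->blob[1]);
    p->cfg = NULL;
    c->refcount--;
    cfg_release(c);             /* the last old-config packet frees the old config */
    return allow;
}
int main(void) {
    static const unsigned char v1[] = {0x00, 0x50}, v2[] = {0x01, 0xBB}; /* 80, 443 */
    struct packet a, b;
    fw_install(v1); pkt_arrive(&a, 80);   /* a arrives under config 1 */
    fw_install(v2); pkt_arrive(&b, 80);   /* b arrives under config 2 */
    int ra = pkt_process(&a), rb = pkt_process(&b);
    printf("a=%d b=%d freed=%u\n", ra, rb, configs_freed);
    return 0;
}
```

The same destination port gets two different verdicts because each packet is judged by the configuration it was bound to on arrival, and the old configuration is released only when its count reaches zero.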