公开(公告)号：US20130297774A1

公开(公告)日：2013-11-07

申请号：US13789221

申请日：2013-03-07

Applicant: SOLARFLARE COMMUNICATIONS, INC.

Inventor： Steve L. Pope ,  David J. Riddoch ,  Kieran Mansley

IPC: H04L12/24

CPC classification number: H04L41/083 ,  H04L47/286 ,  H04L47/32 ,  H04L47/564

Abstract: Roughly described, a network interface device receiving data packets from a computing device for transmission onto a network, the data packets having a certain characteristic, transmits the packet only if the sending queue has authority to send packets having that characteristic. The data packet characteristics can include transport protocol number, source and destination port numbers, source and destination IP addresses, for example. Authorizations can be programmed into the NIC by a kernel routine upon establishment of the transmit queue, based on the privilege level of the process for which the queue is being established. In this way, a user process can use an untrusted user-level protocol stack to initiate data transmission onto the network, while the NIC protects the remainder of the system or network from certain kinds of compromise.

Abstract translation: 大体上描述了一种从计算设备接收数据包以便传输到网络上的网络接口设备，具有一定特性的数据分组仅在发送队列具有发送具有该特性的分组的权限时发送分组。 数据包特征可以包括传输协议号，源和目的端口号，源和目的IP地址。 基于建立队列的进程的权限级别，可以通过内核例程在建立传输队列时将授权编程到NIC中。 以这种方式，用户进程可以使用不受信任的用户级协议栈来发起到网络上的数据传输，而NIC保护系统或网络的其余部分免受某些种类的折中。