-
Publication No.: US10798059B1
Publication date: 2020-10-06
Application No.: US15726718
Application date: 2017-10-06
Applicant: Juniper Networks, Inc.
Inventor: Prashant Singh, Sreekanth Rupavatharam, Hariprasad Shanmugam, Erin MacNeil
Abstract: A disclosed method may include (1) receiving a packet at a tunnel driver in kernel space on a routing engine of a network device, (2) identifying, at the tunnel driver, metadata of the packet that indicates whether at least one firewall filter had already been correctly applied to the packet before the packet arrived at the tunnel driver, (3) determining, based at least in part on the metadata of the packet, that the firewall filter had not been correctly applied to the packet before the packet arrived at the tunnel driver, and then in response to determining that the firewall filter had not been correctly applied to the packet, (4) invoking at least one firewall filter hook that applies at least one firewall rule on the packet before the packet is allowed to exit kernel space on the routing engine. Various other apparatuses, systems, and methods are also disclosed.
-
Publication No.: US11388140B1
Publication date: 2022-07-12
Application No.: US16940425
Application date: 2020-07-28
Applicant: Juniper Networks, Inc.
Inventor: Prashant Singh, Sreekanth Rupavatharam, Hariprasad Shanmugam, Erin MacNeil
IPC: H04L9/40, H04L69/22, H04L69/329
Abstract: A disclosed method may include (1) receiving a packet at a tunnel driver in kernel space on a routing engine of a network device, (2) identifying, at the tunnel driver, metadata of the packet that indicates whether at least one firewall filter had already been correctly applied to the packet before the packet arrived at the tunnel driver, (3) determining, based at least in part on the metadata of the packet, that the firewall filter had not been correctly applied to the packet before the packet arrived at the tunnel driver, and then in response to determining that the firewall filter had not been correctly applied to the packet, (4) invoking at least one firewall filter hook that applies at least one firewall rule on the packet before the packet is allowed to exit kernel space on the routing engine. Various other apparatuses, systems, and methods are also disclosed.
-