公开(公告)号：US12058108B2

公开(公告)日：2024-08-06

申请号：US17723191

申请日：2022-04-18

Applicant: VMware LLC

Inventor： Jingmin Zhou ,  David Lorenzo ,  Subrahmanyam Manuguri ,  Anirban Sengupta

IPC: H04L9/40 ,  G06F9/455 ,  G06F16/901

CPC classification number: H04L63/0263 ,  G06F9/45558 ,  G06F16/9024 ,  H04L63/0218 ,  G06F2009/45587

Abstract: In some embodiments, a method receives a packet at an instance of a distributed firewall associated with one of a plurality of workloads running on a hypervisor. Each of the plurality of workloads has an associated instance of the distributed firewall. An index table is accessed for the workload where the index table includes a set of references to a set of rules in a rules table. Each workload in the plurality of workloads is associated with an index table that references rules that are applicable to each respective workload. The method then accesses at least one rule in a set of rules associated with the set of references from the rules table and compares one or more attributes for the packet to information stored for the at least one rule in the set of rules to determine a rule in the set of rules to apply to the packet.

公开(公告)号：US11954005B2

公开(公告)日：2024-04-09

申请号：US18196367

申请日：2023-05-11

Applicant: VMware LLC

Inventor： Jingmin Zhou ,  Subrahmanyam Manuguri ,  Jayant Jain ,  Anirban Sengupta

IPC: G06F9/44 ,  G06F11/30 ,  G06F40/205 ,  G06V10/94

CPC classification number: G06F11/3072 ,  G06F40/205 ,  G06V10/955

Abstract: In some embodiments, a method stores a plurality of identifiers for a plurality of rules. The plurality of rules each include a set of patterns, and a rule and a pattern combination is associated with an identifier in the plurality of identifiers. Information being sent on a network is scanned and the method determines when a pattern in the information matches a pattern for a rule. The method identifies an identifier for the pattern where the identifier identifies a rule and a pattern combination. Then, the method identifies the rule and the pattern combination based on the identifier. The set of patterns for the rule is found in the information based on determining that the rule and the pattern combinations for the rule have been found in the information.