US 11,916,879 B2
Performing firewall operations by sharing metadata between firewall processes
Manish Jain, San Jose, CA (US); and Mani Kancherla, Cupertino, CA (US)
Assigned to VMware LLC, Palo Alto, CA (US)
Filed by VMware LLC, Palo Alto, CA (US)
Filed on Jan. 3, 2022, as Appl. No. 17/567,823.
Prior Publication US 2023/0216829 A1, Jul. 6, 2023
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/0245 (2013.01) [H04L 63/0263 (2013.01); H04L 63/0428 (2013.01); H04L 63/166 (2013.01); H04L 63/20 (2013.01)] 18 Claims
OG exemplary drawing
 
1. A method of performing a firewall operation comprising:
instantiating, on a computer, first and second firewall processes that are two separate processes;
using the first firewall process to examine a data message to determine whether a TLS-based firewall policy has to be enforced on the data message;
based on a determination that a TLS-based firewall policy has to be enforced on the data message, providing metadata, produced by the first firewall process in its examination of the data message, to the second firewall process; and
having the second firewall process use the provided metadata to perform a TLS-based firewall operation based on the TLS-based firewall policy;
wherein the computer executes a Linux operating system, and
wherein providing the metadata comprises providing the data message with the metadata to a kernel of the Linux OS,
said providing triggering an eBPF (Extended Berkeley Packet Filter) program to store the metadata along with a set of header values of the data message in a connection tracker that associates metadata with sets of header values of received data messages for the second firewall process to examine.
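The claim describes a two-process split: the first process classifies a message, decides that a TLS-based policy applies, and hands its metadata to the kernel, where an eBPF program keys it by the message's header values in a connection tracker for the second process to consume. The following Python simulation is an added illustration of that hand-off and is not the patent's or VMware's code: the connection tracker is a plain dictionary keyed by a 5-tuple standing in for the eBPF-populated tracker, the L4 rule table, the TLS policy table, the `Metadata` fields and the sample ClientHello bytes are all constructed for this example, and the SNI parser is a minimal ClientHello reader written for it.

```python
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# (src_ip, src_port, dst_ip, dst_port, proto): the header values the tracker is keyed on
HeaderTuple = Tuple[str, int, str, int, str]


@dataclass(frozen=True)
class Message:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    payload: bytes

    def header_tuple(self) -> HeaderTuple:
        return (self.src_ip, self.src_port, self.dst_ip, self.dst_port, self.proto)


@dataclass
class Metadata:
    """What the first process learned and hands over; fields are constructed for this example."""
    policy_id: str        # TLS-based policy selected by the first process
    rule_id: int          # the L4 rule that matched
    sni: Optional[str]    # SNI the first process parsed from the ClientHello, if any


class ConnectionTracker:
    """Stand-in for the eBPF-populated kernel tracker: metadata keyed by header values."""
    def __init__(self) -> None:
        self._entries: Dict[HeaderTuple, Metadata] = {}

    def store(self, msg: Message, meta: Metadata) -> None:
        self._entries[msg.header_tuple()] = meta

    def lookup(self, msg: Message) -> Optional[Metadata]:
        return self._entries.get(msg.header_tuple())


def parse_sni(payload: bytes) -> Optional[str]:
    """Return the SNI host_name from a TLS ClientHello record, or None if absent or malformed."""
    try:
        if len(payload) < 9 or payload[0] != 0x16 or payload[5] != 0x01:
            return None                                   # not a handshake record / not ClientHello
        pos = 9 + 2 + 32                                  # record + handshake headers, version, random
        pos += 1 + payload[pos]                           # session_id
        pos += 2 + struct.unpack("!H", payload[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + payload[pos]                           # compression_methods
        ext_end = pos + 2 + struct.unpack("!H", payload[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= ext_end:
            ext_type, ext_len = struct.unpack("!HH", payload[pos:pos + 4])
            pos += 4
            if ext_type == 0x0000:                        # server_name extension
                name_len = struct.unpack("!H", payload[pos + 3:pos + 5])[0]  # skip list_len(2), name_type(1)
                return payload[pos + 5:pos + 5 + name_len].decode("ascii")
            pos += ext_len
        return None
    except (struct.error, IndexError, UnicodeDecodeError):
        return None                                       # truncated or malformed: treat as no SNI


def build_client_hello(sni: str) -> bytes:
    """Constructed sample ClientHello carrying only an SNI extension (not captured traffic)."""
    name = sni.encode("ascii")
    sni_ext = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0x0000, len(sni_ext)) + sni_ext
    body = (b"\x03\x03" + b"\x00" * 32                    # client_version, random
            + b"\x00"                                     # empty session_id
            + struct.pack("!H", 2) + b"\x13\x01"          # one cipher suite
            + b"\x01\x00"                                 # one compression method (null)
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


# Constructed L4 rule table for the first process: (dst_port, proto) -> (rule_id, TLS policy)
L4_RULES = {(443, "tcp"): (1, "tls-sni-allowlist")}
# Constructed TLS policy table for the second process: policy -> allowed SNI names
TLS_POLICIES = {"tls-sni-allowlist": {"www.example.com", "updates.example.com"}}


def first_process(msg: Message, tracker: ConnectionTracker) -> bool:
    """Examine the message; when a TLS-based policy applies, record metadata under its header tuple.
    Returns True when the message has been handed over to the second process."""
    match = L4_RULES.get((msg.dst_port, msg.proto))
    if match is None:
        return False                                      # no TLS policy: first process alone decides
    rule_id, policy_id = match
    tracker.store(msg, Metadata(policy_id, rule_id, parse_sni(msg.payload)))
    return True


def second_process(msg: Message, tracker: ConnectionTracker) -> str:
    """Perform the TLS-based operation using only the metadata found under the header tuple."""
    meta = tracker.lookup(msg)
    if meta is None:
        return "drop: no metadata for connection"
    if meta.sni is None:
        return f"drop: policy {meta.policy_id} requires SNI"
    if meta.sni in TLS_POLICIES[meta.policy_id]:
        return "allow"
    return f"drop: {meta.sni} not allowed by rule {meta.rule_id}"


def run(msg: Message) -> str:
    """Drive one message through both processes and return the verdict."""
    tracker = ConnectionTracker()
    if not first_process(msg, tracker):
        return "allow (no TLS policy)"
    return second_process(msg, tracker)
```

The second process never re-parses the packet: it finds the connection's metadata purely by header values, which is the point of keying the tracker that way. A missing tracker entry is treated as a drop rather than a fall-through, so a message that reached the second process without passing the first cannot bypass the TLS policy.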