US 12,244,565 B2
High-speed network packet payload inspection system based on eBPF (extended Berkeley Packet Filter)/XDP (express data path) for container environment
Seung Won Shin, Daejeon (KR); Myoung Sung You, Daejeon (KR); Sang Duk Suh, Seongnam-si (KR); Chang Hoon Yoon, Seongnam-si (KR); and Yeon Keun Kim, Yongin-si (KR)
Assigned to KOREA ADVANCED INSTITUTE OF SCIENCE AND TECHNOLOGY, Daejeon (KR); and S2W INC., Seongnam-si (KR)
Filed by KOREA ADVANCED INSTITUTE OF SCIENCE AND TECHNOLOGY, Daejeon (KR); and S2W INC., Seongnam-si (KR)
Filed on Jul. 8, 2022, as Appl. No. 17/860,333.
Claims priority of application No. 10-2022-0006935 (KR), filed on Jan. 18, 2022.
Prior Publication US 2023/0231830 A1, Jul. 20, 2023
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/0254 (2013.01) [H04L 63/0227 (2013.01); H04L 63/0245 (2013.01); H04L 63/0263 (2013.01); H04L 63/1408 (2013.01); H04L 63/1416 (2013.01); H04L 63/145 (2013.01); H04L 63/20 (2013.01)] 9 Claims
OG exemplary drawing
 
1. A method for inspecting a high-speed network packet payload by a terminal, the method comprising:
a step of receiving L7 (Layer 7) policy related to containers from a user;
a step of extracting string patterns to be inspected for each of the containers on the basis of the L7 policy through a pattern compiler;
a step of creating a deterministic finite automaton (DFA) on the basis of the extracted string patterns through the pattern compiler; and
a step of converting a state transition table of the DFA into a match-action table through the pattern compiler and storing the match-action table in an eBPF (extended Berkeley Packet Filter) map for a payload inspection engine,
wherein the match-action table is a table representing relation among states of the DFA and actions corresponding to the states.
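The user-space half of claim 1 (pattern compiler: string patterns, DFA, state transition table flattened into a match-action table) can be illustrated with a small worked example. The code below is an added illustration, not the patent's or the inventors' implementation. It assumes an L7 policy expressed as a mapping from byte-string pattern to action name, uses an Aho-Corasick construction as one concrete way to obtain the DFA (the claim names no construction), and models only the compiler output; the kernel-side eBPF/XDP program that would consult the map is not shown.

```python
"""Toy pattern compiler: L7 string patterns -> DFA -> match-action table.

Added example, not code from the patent. Assumptions (hypothetical):
  * a policy is {pattern_bytes: action_name}, actions ordered by severity;
  * the DFA is built with an Aho-Corasick automaton whose failure links
    are resolved into a complete 256-symbol transition table;
  * the match-action table is keyed by (state, byte) and valued by
    (next_state, action), i.e. the flat shape an eBPF hash/array map
    could store for a kernel-side byte-at-a-time walk.
"""
from collections import deque

ALPHABET = 256
# Severity ranking for actions; higher wins when several patterns match.
ACTIONS = {"pass": 0, "alert": 1, "drop": 2}


def build_dfa(patterns):
    """Return (goto, output): goto[state][byte] -> next state for every
    byte, output[state] -> set of patterns matched on entering state."""
    goto = [[-1] * ALPHABET]
    output = [set()]
    # Trie of all patterns.
    for pat in patterns:
        s = 0
        for b in pat:
            if goto[s][b] == -1:
                goto.append([-1] * ALPHABET)
                output.append(set())
                goto[s][b] = len(goto) - 1
            s = goto[s][b]
        output[s].add(pat)
    # Failure links (BFS) folded into goto so every (state, byte) is defined.
    fail = [0] * len(goto)
    queue = deque()
    for b in range(ALPHABET):
        if goto[0][b] == -1:
            goto[0][b] = 0
        else:
            fail[goto[0][b]] = 0
            queue.append(goto[0][b])
    while queue:
        s = queue.popleft()
        for b in range(ALPHABET):
            t = goto[s][b]
            if t == -1:
                goto[s][b] = goto[fail[s]][b]
            else:
                fail[t] = goto[fail[s]][b]
                output[t] |= output[fail[t]]  # suffix matches propagate
                queue.append(t)
    return goto, output


def to_match_action_table(goto, output, policy):
    """Flatten the DFA state transition table into match-action entries.
    The action stored on an entry is the most severe action among the
    patterns matched on entering next_state ("pass" if none)."""
    table = {}
    for s, row in enumerate(goto):
        for b, t in enumerate(row):
            acts = [policy[p] for p in output[t]]
            action = max(acts, key=ACTIONS.get) if acts else "pass"
            table[(s, b)] = (t, action)
    return table


def compile_policy(policy):
    """Pattern compiler entry point: policy -> (match-action table, #states)."""
    goto, output = build_dfa(list(policy))
    return to_match_action_table(goto, output, policy), len(goto)


def inspect_payload(table, payload):
    """Model of the per-packet walk a payload inspection engine would do:
    one table lookup per byte. Returns (verdict, offset of first byte at
    which that verdict was reached), offset None when nothing matched."""
    state, verdict, where = 0, "pass", None
    for i, b in enumerate(payload):
        state, action = table[(state, b)]
        if ACTIONS[action] > ACTIONS[verdict]:
            verdict, where = action, i
    return verdict, where


# Constructed sample policy for a hypothetical container.
SAMPLE_POLICY = {
    b"/etc/passwd": "drop",
    b"../": "drop",
    b"UNION SELECT": "alert",
}

if __name__ == "__main__":
    table, n_states = compile_policy(SAMPLE_POLICY)
    print(f"{n_states} DFA states, {len(table)} match-action entries")
    for payload in (b"GET /index.html HTTP/1.1",
                    b"GET /../../etc/passwd",
                    b"id=1 UNION SELECT 1"):
        print(payload, "->", inspect_payload(table, payload))
```

The table has one entry per (state, byte) pair, so its size is 256 times the number of DFA states; that is the quantity to watch when the eBPF map has a fixed maximum number of entries, and it grows with the total length of the distinct pattern prefixes, not with the number of containers. Folding the failure links into the transition table is what lets the kernel-side engine do exactly one map lookup per payload byte with no backtracking.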