US 11,989,575 B2
Bi-directional interpositioning of virtual hardware
Adrianne Conage, Baltimore, MD (US); and Yasmine A. Zakout, Alexandria, VA (US)
Assigned to NIGHTWING GROUP, LLC., New York, NY (US)
Filed by Raytheon Company, Waltham, MA (US)
Filed on Jun. 5, 2020, as Appl. No. 16/893,904.
Prior Publication US 2021/0382742 A1, Dec. 9, 2021
Int. Cl. G06F 9/455 (2018.01); G06F 9/54 (2006.01); G06F 13/42 (2006.01)
CPC G06F 9/45558 (2013.01) [G06F 9/546 (2013.01); G06F 13/4221 (2013.01); G06F 2009/45562 (2013.01); G06F 2009/45595 (2013.01)]
17 Claims
1. A method comprising:
retrieving a message that is designated for transmission via a first one of a plurality of communications hardware devices, the message being retrieved from a virtual device queue associated with an abstraction of the first communications hardware device, the abstraction of the first communications hardware device and the virtual device queue being provided by a hypervisor executing a first virtual machine, the message being generated by the first virtual machine, and the message being designated for transmission to a second virtual machine;
selecting a second one of the plurality of communications hardware devices based on a policy rule, the policy rule including a condition identifying: (i) the first virtual machine as a source virtual machine for messages against which the policy rule is applied, (ii) the second virtual machine as a destination virtual machine for the messages against which the policy rule is applied, and (iii) a respective identifier of the second communications hardware device, thereby designating the second communications hardware device as a preferred device for handling messages that are transmitted from the first virtual machine to the second virtual machine, the policy rule being enforced against messages that are transmitted from the first virtual machine to the second virtual machine; and
storing the message in a socket queue that is associated with the second communications hardware device, the socket queue being provided outside of the hypervisor in an operating system that is executing the hypervisor,
wherein storing the message in the socket queue that is associated with the second communications hardware device causes the message to be transmitted to the second virtual machine via the second communications hardware device rather than the first communications hardware device, the first and second communications hardware devices being part of a computing system that is executing the first virtual machine,
wherein the first communications hardware device is configured to transmit and receive data over a first communications channel that is not monitored by a monitoring utility, the second communications hardware device is configured to transmit and receive data over a second communications channel that is monitored by the monitoring utility, and storing the message in the socket queue that is associated with the second communications hardware device causes the message to be examined by the monitoring utility.
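The message flow recited in claim 1, modeled as an added Python example that is not part of the patent or any implementation of it. The names `Interposer`, `Message`, `nic0`, `nic1` and the VM labels are hypothetical, and in-memory queues stand in for the hypervisor's virtual device queues and the host operating system's socket queues.

```python
from collections import deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Message:
    src_vm: str
    dst_vm: str
    designated_dev: str  # device the guest addressed through its virtual device
    payload: bytes

class Interposer:
    """Moves messages from virtual device queues to host socket queues."""
    def __init__(self, devices, rules, monitored):
        # rules maps (source VM, destination VM) -> preferred device identifier
        self.virtual_queues = {d: deque() for d in devices}  # hypervisor side
        self.socket_queues = {d: deque() for d in devices}   # host OS side
        self.rules = dict(rules)
        self.monitored = set(monitored)
        self.monitor_log = []  # what the monitoring utility gets to examine
        unknown = set(self.rules.values()) - set(devices)
        if unknown:
            raise ValueError(f"policy names unknown device(s): {sorted(unknown)}")

    def guest_send(self, msg):
        # The guest writes to the queue of the device it believes it is using.
        self.virtual_queues[msg.designated_dev].append(msg)

    def select_device(self, msg):
        # A matching rule overrides the designated device; otherwise keep it.
        return self.rules.get((msg.src_vm, msg.dst_vm), msg.designated_dev)

    def pump(self):
        # Drain every virtual queue into the socket queue of the selected device.
        for vq in self.virtual_queues.values():
            while vq:
                msg = vq.popleft()
                out = self.select_device(msg)
                self.socket_queues[out].append(msg)
                if out in self.monitored:
                    self.monitor_log.append((msg.src_vm, msg.dst_vm, out))

def demo():
    # Constructed scenario: nic0 is unmonitored, nic1 is monitored.
    ip = Interposer(["nic0", "nic1"], {("vm1", "vm2"): "nic1"}, monitored=["nic1"])
    ip.guest_send(Message("vm1", "vm2", "nic0", b"covered by the rule"))
    ip.guest_send(Message("vm1", "vm3", "nic0", b"no rule applies"))
    ip.pump()
    return ip
```

The vm1-to-vm3 message shows the coverage gap a defender has to watch for in this model: any source/destination pair without a rule stays on the channel the guest chose and never reaches the monitor.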