US 12,487,842 B2
Secure control of packet filter programs by user space processes in virtual machines
Michael Tsirkin, Haifa (IL); and Jesper Brouer, Frederikssund (DK)
Assigned to Red Hat, Inc., Raleigh, NC (US)
Filed by RED HAT, INC., Raleigh, NC (US)
Filed on Oct. 28, 2021, as Appl. No. 17/513,784.
Prior Publication US 2023/0140827 A1, May 4, 2023
Int. Cl. G06F 9/455 (2018.01); G06F 9/46 (2006.01); G06F 9/50 (2006.01)
CPC G06F 9/45558 (2013.01) [G06F 9/468 (2013.01); G06F 9/5077 (2013.01); G06F 2009/45579 (2013.01); G06F 2009/45583 (2013.01); G06F 2009/45595 (2013.01); G06F 2209/501 (2013.01)] 18 Claims
 
1. A system comprising:
a memory device comprising a group of memory units; and
a first processing device, operatively coupled to the memory device, to perform operations comprising:
receiving, by a hypervisor, a data packet;
identifying a memory location associated with a guest virtual machine and accessible to the guest virtual machine and the hypervisor, wherein a program mapping table comprising one or more mapping table entries is stored at the memory location, each mapping table entry specifying a program selection criterion and a packet processing program;
identifying, among the one or more mapping table entries in the program mapping table stored at the memory location, a mapping table entry comprising a particular program selection criterion that is satisfied by the data packet at least in part by determining if a value included in the data packet is between first and second threshold values of the particular program selection criterion, wherein the identified mapping table entry specifies a first packet processing program; and
in response to identifying the mapping table entry comprising the particular program selection criterion that is satisfied by the data packet, executing the first packet processing program, wherein the data packet is provided to the first packet processing program as input.
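As an added illustration (not from the patent or Red Hat's implementation), the hypervisor-side lookup of claim 1 in C: each mapping table entry carries two threshold values and a program selector, a field of the packet is tested against that range, and the selected program receives the packet as input. The program selector as an index into a hypervisor-owned program table, the header layout and the sample table are assumptions for the example; because the table sits in memory the guest can also write, every entry field is range-checked before use, which is a defensive choice of this example rather than something the claim states.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

#define MAX_ENTRIES 8
/* Verdict returned by a packet processing program (constructed for this example). */
enum verdict { VERDICT_NO_MATCH = -1, VERDICT_DROP = 0, VERDICT_PASS = 1 };
typedef enum verdict (*packet_program)(const uint8_t *pkt, size_t len);
/* One mapping table entry: the criterion "value in [lo, hi]" and the program it selects. */
struct map_entry { uint16_t lo, hi; uint32_t prog_idx; };
/* Program mapping table as it would sit in memory shared by guest and hypervisor. */
struct map_table { uint32_t count; struct map_entry entries[MAX_ENTRIES]; };

static enum verdict prog_drop(const uint8_t *p, size_t n) { (void)p; (void)n; return VERDICT_DROP; }
static enum verdict prog_pass(const uint8_t *p, size_t n) { (void)p; (void)n; return VERDICT_PASS; }
/* Hypervisor-owned program table (assumed design): the guest selects a program by index, never by code pointer. */
static const packet_program programs[] = { prog_drop, prog_pass };
#define NPROGS (sizeof programs / sizeof programs[0])

/* Field compared against the criterion: a 16-bit value at byte offset 2 of a constructed header layout. */
static bool packet_value(const uint8_t *pkt, size_t len, uint16_t *out) {
    if (len < 4) return false;
    *out = (uint16_t)((pkt[2] << 8) | pkt[3]);
    return true;
}

/* Hypervisor side: find the first entry whose range contains the packet value and run its program. */
enum verdict dispatch(const struct map_table *t, const uint8_t *pkt, size_t len) {
    uint16_t v;
    if (!packet_value(pkt, len, &v)) return VERDICT_DROP;
    /* The table is guest-writable, so count, thresholds and program index are all range-checked. */
    uint32_t n = t->count < MAX_ENTRIES ? t->count : MAX_ENTRIES;
    for (uint32_t i = 0; i < n; i++) {
        const struct map_entry *e = &t->entries[i];
        if (e->lo > e->hi || e->prog_idx >= NPROGS) continue;   /* malformed entry: ignore it */
        if (v >= e->lo && v <= e->hi) return programs[e->prog_idx](pkt, len);
    }
    return VERDICT_NO_MATCH;
}

/* Constructed table: drop value 22, pass anything else up to 1023; entries 3 and 4 are deliberately malformed. */
static const struct map_table sample = { 4, { {22, 22, 0}, {0, 1023, 1}, {2000, 1000, 1}, {3000, 3000, 99} } };

/* Build a 4-byte packet carrying `value` and dispatch it against the sample table. */
enum verdict classify(uint16_t value) {
    uint8_t pkt[4] = { 0, 0, (uint8_t)(value >> 8), (uint8_t)value };
    return dispatch(&sample, pkt, sizeof pkt);
}
```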