1. Field of the Invention
The present invention relates generally to the field of network communication and, more specifically, the present invention relates to a method for establishing network tunnels.
2. Description of the Related Art
Computer technology is continuously advancing, providing newer computer systems with continuously improved performance. One result of this improved performance is an increased use of computer systems by individuals in a wide variety of business, academic and personal applications. In some instances, these computers are linked together by a network, such as, for example, the Internet, so that the systems can communicate with each other using network communications.
In a typical network communication, a data packet, which, for example, may contain audio and video ("AV") data, is used to transmit data between the systems. A packet is typically organized into a format according to a conventional network protocol, such as, for example, IP ("Internet Protocol"). IP allows a packet to pass across the Internet with the best-effort packet delivery service.
A problem with a conventional packet transmission across a network, such as the Internet, is the security of the packet. In other words, the content of the packet could be captured by an unintended party during the course of transmitting across the network. To enhance the packet security, various schemes have been developed, such as, for example, encrypted tunnels.
A tunnel is a virtual path that can be established between network nodes. A typical tunneling process encapsulates a packet from the source network for transit across an intermediate network, and the encapsulation is later removed before the packet reaches its destination node. Transport rules provide services that allow two or more machines to set up sessions so that the machines can communicate with each other. Accordingly, a set of IPSEC (Internet Protocol Security) transport mode rules and tunnel mode rules is typically used to enhance the packet security.
However, a problem associated with the currently employed scheme is that the scheme performs only the first rule that it encounters. In other words, the currently employed scheme performs the first rule, which could be either an IPSEC transport mode rule or an IPSEC tunnel mode rule, that it encounters and ignores the remaining rules.
Therefore, there is a need to have a mechanism for establishing tunnels in response to multiple IPSEC rules.
A transport action is, in one embodiment, identified in response to packet parameters. Next, the transport action is pushed onto a pending stack. When a tunnel action is identified in response to the packet parameters, the tunnel action is pushed onto the pending stack. At least one tunnel is set up in response to the pending stack. The tunnel action stored at the top of the pending stack is performed first and the tunnel action stored at the bottom of the pending stack is performed last.
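As an added illustration (not code from the patent), the following Python model places the pending-stack scheme beside the first-rule-only behaviour described above; the sample policy, its prefixes and gateway names, and matching on source/destination address alone are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample policy (not from the page): each rule names an IPsec mode
# and, for tunnel mode, an assumed gateway endpoint.
@dataclass(frozen=True)
class Rule:
    src: str            # source prefix the rule applies to
    dst: str            # destination prefix the rule applies to
    mode: str           # "transport" or "tunnel"
    endpoint: str = ""  # tunnel gateway (tunnel mode only)

POLICY = [
    Rule("192.168.0.0/16", "0.0.0.0/0", "tunnel", "gw-other"),
    Rule("10.1.1.0/24", "10.2.2.0/24", "transport"),
    Rule("10.1.0.0/16", "10.2.0.0/16", "tunnel", "gw-site"),
    Rule("10.0.0.0/8", "10.0.0.0/8", "tunnel", "gw-core"),
]

def matches(rule: Rule, src: str, dst: str) -> bool:
    """Rule selection on the packet parameters (here: source and destination address)."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst))

def first_rule_only(policy: List[Rule], src: str, dst: str) -> List[Tuple[str, str]]:
    """The conventional scheme the text criticises: stop at the first matching rule."""
    for rule in policy:
        if matches(rule, src, dst):
            return [(rule.mode, rule.endpoint)]
    return []

def pending_stack(policy: List[Rule], src: str, dst: str) -> List[Tuple[str, str]]:
    """Push every matching transport/tunnel action, then perform them top-first (LIFO)."""
    stack: List[Rule] = []
    for rule in policy:
        if matches(rule, src, dst):
            stack.append(rule)          # push onto the pending stack
    order: List[Tuple[str, str]] = []
    while stack:                        # action at the top of the stack is performed first
        rule = stack.pop()
        order.append((rule.mode, rule.endpoint))
    return order                        # the first-pushed action is performed last

if __name__ == "__main__":
    print(first_rule_only(POLICY, "10.1.1.5", "10.2.2.9"))
    print(pending_stack(POLICY, "10.1.1.5", "10.2.2.9"))
```

For the sample packet the conventional scheme returns only the transport action, while the pending stack yields all three matching actions, the last-pushed tunnel first.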