Packet processing generally refers to the analysis, modification, and transferring of network packets, which is performed by various devices of a communications network. In packet processing, an entire network packet may be copied for each application or guest that is to receive the network packet. Such network packet duplication generally provides increased data security, but adversely impacts performance.
Alternatively, various applications and guests may be provided with access to the same network packet data in a shared area of memory. In such “zero-copy” configurations, network packet data is not copied from one area of memory to dedicated areas of memory associated with each application or guest. As a result, performance is generally faster, but network packet data is less secure.
Thus, in traditional packet processing, data security comes at the cost of performance, and vice versa. Accordingly, improved methods of packet processing can provide secure data access without sacrificing performance.