With the advent of the Internet and other data networks, the importance of mechanisms enabling communication has grown significantly. Computing devices are typically equipped with network stacks for managing the sending and receiving of network packets, and these stacks are often organized in accordance with one or more protocols. For example, network stacks may conform to the Open Systems Interconnection (OSI) model and include interfaces linking the layers of the OSI model. One example of such interfaces is provided by the Network Driver Interface Specification (NDIS) logical link control. An NDIS logical link control forms the upper sublayer of the OSI data link layer and provides an interface between the data link layer of the OSI model and the network layer of the OSI model.
The NDIS logical link control often includes filter modules, such as NDIS lightweight filters, that act as filters on traffic through the network stack. For example, a filter module of the NDIS logical link control may provide firewall functionality by blocking transmission through the network stack of data packets associated with a specific Internet Protocol (IP) address.
Also, as computing devices have advanced, the use of virtualization has become more prevalent. Many computer systems utilize virtual machines in order to host multiple operating systems on the same device and provide a virtual machine manager (VMM) or hypervisor to act as an interface between the virtual machines of a device and the device's hardware. The VMM or hypervisor often implements a virtual switch to provide networking between virtual machines on the device and between those virtual machines and other devices. In Hyper-V, for example, a parent partition (or root virtual machine) implements the virtual switch and a hypervisor acts as an interface between the device hardware and the virtual machines.
When networking with a device using virtualization, however, the above-described filter modules can only be implemented in the network stack associated with the device drivers of the network interface hardware of the device. Filter modules, such as NDIS lightweight filters, are not designed to be implemented in a virtual stack of a virtual switch or of a virtual network interface. Thus, traditional filter modules can filter only traffic to or from the device, not intra-device traffic from one virtual machine to another.