1. The Field of the Invention
The present invention relates to filtering data packets. More specifically, the present invention relates to systems, methods, and computer program products for an abstract interface to manage insertion of filter instances into a filter stack, removal of filter instances from a filter stack, and bypassing the functionality of a filter instance without disrupting associated protocol stack operations.
2. Background and Relevant Art
In today's world, a large number of computers are coupled to one another through computer networks, such as the Internet, which allow the computers to exchange data. However, the majority of these computers are not directly coupled in a one-to-one relationship. Instead, these computers typically exist in a network environment wherein multiple computers are interconnected, and each computer may exchange data with all other computers included in the network. As the number of computers coupled to conventional networks has increased, the amount of data transferred across such networks has also increased. As a result, techniques for efficient and reliable transfer of data across a computer network have developed.
One technique that promotes efficient transfer of data across a network is “packetizing.” Packetizing is a technique whereby larger amounts of data are broken into smaller segments, or “packets.” Packets require fewer resources to process than bulk amounts of data. Additionally, by using packets, data may be received in an incremental manner, which reduces the amount of data that must be re-sent when an error in transmission occurs.
Another technique is the use of the Open Systems Interconnect (“OSI”) model, which defines a networking framework for implementing communications protocols. The OSI model breaks down the operations for transferring data into seven distinct “layers,” each designated to perform certain operations in the data transfer process. Although some networking applications have implemented each of the layers, many applications implement only selective layers for use in transferring data across a network. Two layers incorporated by most protocol stacks are the transport layer and the data link layer. The transport layer is typically associated with packetizing data. An example of a transport layer protocol is the Transmission Control Protocol (“TCP”). The data link layer is typically associated with encoding bits into packets and decoding packets into bits.
Sending data from a computing device to a network typically includes a transport layer driver packetizing bulk data, a data link layer driver decoding the packets into bits, and network hardware, such as a network interface card, transmitting the bits onto the network. A computing device receiving data from a network typically includes these operations in reverse order. That is, a hardware device receives bits, a data link layer driver encodes the bits into packets, and the packets are sent to a transport layer driver to be combined into bulk data. Data link layer drivers may perform specific operations on data when decoding packets into bits for dispatch to network hardware and when encoding bits into packets for dispatch to a transport layer protocol. This is beneficial because data may need modification before it is sent across a network or to higher level protocols.
Historically, data link layer drivers were written or designed for a specific platform to facilitate compatible transfer of data. As the number of protocols and hardware device types has proliferated, this has led to problems. To delete, add, or modify the operations performed by a data link layer driver, the driver must be completely rewritten. Rewriting data link layer drivers is extremely costly, involves a high level of technical expertise, and frequently causes existing hardware to become obsolete or causes the user of such hardware to forego enhanced functionality. Furthermore, when a plurality of data link layer drivers are present within a computer system, functions included in various data link layer drivers may be redundant, yet required for proper operation.
As a result, other methods were developed to perform operations on data, at the data link layer of a protocol stack. One such method is the “IP firewall hook,” which “hooks” data packets as they pass between the data link layer and the transport layer of a protocol stack. The benefit of hooking packets is that data monitoring functions may easily be performed, such as checking the originating address of a packet to determine if the packet should be processed or discarded. However, packet hooking has otherwise limited benefits as packets may not be modified and inserted back into the data flow. Furthermore, other more modern networking techniques have developed which are incompatible with packet hooking. For example, IP firewall hooking is not interoperable with the widely used Internet Connection Sharing technology.
Another method for performing operations on data packets passing through a data link layer of a protocol stack is to use “intermediate drivers.” Intermediate drivers sit between the transport layer and data link layer and may perform conventional data monitoring as well as other more advanced filtering functions, such as data compression and encryption. Intermediate drivers allow functionality to be added to or deleted from a protocol stack without having to rewrite an underlying link layer device driver. Additionally, multiple intermediate drivers may be layered to perform a series of functions on data passing through a data link layer.
While intermediate drivers provide increased functionality as compared to IP firewall hooking, intermediate drivers have certain inherent problems. Installation and configuration of intermediate drivers often involves incorporating data from or supplying data to an operating system component such as a registry. Filtering environments where intermediate drivers process operating system data is detrimental for at least two reasons.
Installing or removing an intermediate driver from a protocol stack may require the protocol stack to be torn down and rebuilt. This may result in the protocol stack having to be rebuilt in order to add the functionality of the intermediate driver. Likewise, an intermediate driver writing data may cause a protocol stack to malfunction if it is not rebuilt. Tearing down and rebuilding a protocol stack may include rebooting a computer system so data may be properly initialized for an intermediate driver. Additionally, under certain circumstances, an installed intermediate driver may only need to look at network data after the intermediate driver is activated. However, even if inactive, the intermediate driver will remain installed, use valuable operating system resources, and as a result, degrade network performance.
Therefore, what are desired are systems, methods, and computer program products for efficiently filtering data packets and changing filtering operations in a manner that conserves processing and network resources.