1. Field of the Invention
Embodiments of the present invention generally relate to network protocol processing and more particularly, to network protocol processing for filtering of packets.
2. Description of the Related Art
In today's internet environment, the need for firewall and intrusion detection functionality on personal computers is unquestionable. Checks that are done on the content of the protocol headers up to layer 4 (TCP predominantly) are generally referred to as firewall checks. Scans of the content of the data stream, within the layer 4 framing, are referred to as intrusion detection checks. Currently, these checks at all levels are conducted almost entirely in software. In Microsoft Windows operating systems, intrusion detection checks are often implemented as intermediate drivers in the network stack and application services that perform file scanning. As the number of network, worm and virus attacks increases, an excessive amount of CPU cycles are being consumed to scan data, especially data that arrives over a network connection, for known attacks.
Accordingly, a need exists in the art for methods and apparatus for performing firewall and intrusion detection without consuming excessive amount of CPU cycles.