Portions of this patent application contain materials that are subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document, or the patent disclosure, as it appears in the Patent and Trademark Office, but otherwise reserves all copyright rights.
A computer program listing appendix incorporating features of the present invention is being submitted herewith on a compact disc in compliance with 37 C.F.R. §1.52(e), and is incorporated herein by reference in its entirety. The computer program listing appendix is being submitted on a first compact disc labeled “Copy 1” and on a second compact disc labeled “Copy 2.” The disc labeled Copy 2 is an exact duplicate of the disc labeled Copy 1. The files contained on each disc are:
sourcecode apps ipv4 plugins 1net_ft.c, 7895, Aug 15 14:36;
sourcecode apps ipv4 plugins Makefile, 713, Aug 15 14:36;
sourcecode apps ipv4 plugins 1net_icmp.c, 13785, Aug 15 14:36;
sourcecode apps ipv4 plugins 1net_udp.c, 11309, Aug 15 14:36;
sourcecode apps ipv4 plugins 1net_tabldr.c, 999, Aug 15 14:36;
sourcecode apps ipv4 1net_ipv4.c, 15626, Aug 15 14:36; sourcecode apps ipv4 Makefile, 541, Aug 15 14:36; sourcecode apps gpos 1net_gpos.c, 17258, Aug 15 14:36;
sourcecode apps gpos Makefile, 466, Aug 15 14:36; sourcecode apps arp Makefile, 457, Aug 15 14:36; sourcecode apps arp 1net_arp.c, 10964, Aug 15 14:36;
sourcecode scripts defconfig, 426, Aug 15 14:36; sourcecode scripts ft, 0, Aug 15 14:36;
sourcecode scripts functions.sh, 7148, Aug 15 14:36; sourcecode scripts config.in, 1336, Aug 15 14:36; sourcecode scripts test_udp, 3300, Aug 15 14:36;
sourcecode scripts test_ip, 3271, Aug 15 14:36; sourcecode scripts Menuconfig, 30024, Aug 15 14:36; sourcecode scripts Configure, 12372, Aug 15 14:36;
sourcecode scripts mkdep.c, 12136, Aug 15 14:36; sourcecode scripts Makefile, 1597, Aug 15 14:36; sourcecode scripts unload_arp, 659, Aug 15 14:36;
sourcecode scripts load_ip, 3008, Aug 15 14:36; sourcecode scripts test_arp, 2077, Aug 15 14:36; sourcecode scripts load_arp, 1153, Aug 15 14:36; sourcecode scripts test—1net, 3239, Aug 15 14:36; sourcecode scripts ins1net, 3885, Aug 15 14:36;
sourcecode scripts localinfo, 372, Aug 15 14:36; sourcecode scripts hosts, 651, Aug 15 14:36; sourcecode scripts rm1net, 1124, Aug 15 14:36; sourcecode scripts ping, 2153, Aug 15 14:36; sourcecode scripts addip, 3173, Aug 15 14:36;
sourcecode scripts unload_ip, 1137, Aug 15 14:36; sourcecode scripts msgbox.c, 2529, Aug 15 14:36; sourcecode scripts inputbox.c, 6179, Aug 15 14:36;
sourcecode scripts yesno.c, 3067, Aug 15 14:36; sourcecode scripts colors.h, 5384, Aug 15 14:36; sourcecode scripts checklist.c, 9584, Aug 15 14:36;
sourcecode scripts menubox.c, 12716, Aug 15 14:36; sourcecode scripts dialog.h, 5936, Aug 15 14:36; sourcecode scripts textbox.c, 15584, Aug 15 14:36;
sourcecode scripts util.c, 9604, Aug 15 14:36; sourcecode scripts 1xdialog.c, 6023, Aug 15 14:36; sourcecode main 1net.c, 21899, Aug 15 14:36; sourcecode main Makefile, 172, Aug 15 14:36; sourcecode include 1net.h, 6253, Aug 15 14:36;
sourcecode include 1net_udp.h, 3463, Aug 15 14:36; sourcecode include 1net_icmp.h, 2856, Aug 15 14:36; sourcecode include 1net_arp.h, 1417, Aug 15 14:36;
sourcecode include 1net_ipv4.h, 4172, Aug 15 14:36; sourcecode include 1net_hw.h, 1673, Aug 15 14:36; sourcecode include 1net_gpos.h, 1435, Aug 15 14:36;
sourcecode doc api.txt, 7841, Aug 15 14:36; sourcecode doc ipv4.txt, 6923, Aug 15 14:36; sourcecode doc udp.txt, 4171, Aug 15 14:36; sourcecode doc arp.txt, 2664, Aug 15 14:36; sourcecode doc icmp.txt, 4136, Aug 15 14:36; sourcecode doc gpos.txt, 5055, Aug 15 14:36; sourcecode doc faq.txt, 4855, Aug 15 14:36;
sourcecode doc getting_started.txt, 3690, Aug 15 14:36;
sourcecode doc configuration.txt, 1847, Aug 15 14:36; sourcecode doc scripts.txt, 2663, Aug 15 14:36; sourcecode doc Configure.help, 4154, Aug 15 14:36;
sourcecode GNUmakefile, 4188, Aug 15 14:36; sourcecode drivers 1net_pcnet32.c, 21711, Aug 15 14:36; sourcecode drivers 1net—3c905.c, 34753, Aug 15 14:36;
sourcecode drivers 1net_eepro100.c, 30847, Aug 15 14:36; sourcecode drivers Makefile, 624, Aug 15 14:36; sourcecode tests 1net_arp_test 1net_arp_test.c, 2039, Aug 15 14:36;
sourcecode tests 1net_arp_test Makefile, 488, Aug 15 14:36;
sourcecode tests 1net_ip_test 1net_ip_test.c, 10396, Aug 15 14:36;
sourcecode tests 1net_ip_test Makefile, 483, Aug 15 14:36;
sourcecode tests 1net_ping 1net_ping.c, 6487, Aug 15 14:36;
sourcecode tests 1net_ping Makefile, 465, Aug 15 14:36;
sourcecode tests 1net_udp_test 1net_udp_test.c, 10254, Aug 15 14:36;
sourcecode tests 1net_udp_test Makefile, 488, Aug 15 14:36;
sourcecode tests 1net_test 1net_test.c, 9744, Aug 15 14:36;
sourcecode tests 1net_test Makefile, 181, Aug 15 14:36;
sourcecode skeletons 1net_ipv4_plugin.c, 4926, Aug 15 14:36;
sourcecode skeletons 1net_driver.c, 22332, Aug 15 14:36;
sourcecode skeletons 1net_decoupled_app.c, 5523, Aug 15 14:36;
sourcecode skeletons 1net_simple_app.c, 4510, Aug 15 14:36;
sourcecode skeletons Makefile, 284, Aug 15 14:36; sourcecode Rules.make, 188, Aug 15 14:36; sourcecode Copyright, 76, Aug 15 14:37.
1. Field of the Invention
The present invention relates to computer networks and data processing systems and, more specifically, to a system, method, and computer program product for monitoring and controlling network connections from a supervisory operating system.
2. Discussion of the Background
Networked computers cooperating on computations or implementing communication systems, such as SS7, are subject to hardware failures in communication links, switches, hubs, and network hosts, as well as software failures in software implementing or using communication protocols. As network speeds increase and as the quality demands placed on service providers increase, controlling bandwidth allocation, responding to out-of-band events, and monitoring performance and security become critical. However, most networking protocols do not directly or efficiently allow for this type of functionality. For example, TCP/IP, a widely used networking protocol, is designed to be tolerant of timing fluctuations and therefore has no method of rapidly discovering network failures. During the operation of a network stack, handling of timing events or out-of-band signals may be delayed by stack or operating system scheduling. Other drawbacks and disadvantages exist.
“A Retrospective on the VAX VMM Security Kernel,” by Karger et al. describes the development of a virtual-machine monitor (VMM) security kernel for the VAX architecture. The focus is on how the system's hardware, microcode, and software are aimed at meeting A1-level security requirements while maintaining the standard interfaces and applications of the VMS and ULTRIX-32 operating systems. The VAX security kernel supports multiple concurrent virtual machines on a single VAX system, providing isolation and controlled sharing of sensitive data. However, computer networking is not discussed.
Other background references include: U.S. Pat. No. 6,385,643 issued to Jacobs et al.; U.S. Pat. No. 5,958,010 issued to Agarwal et al.; U.S. Pat. No. 5,721,922 issued to Dingwall; and “Support For Real-Time Computing Within General Purpose Operating System,” by G. Bollella et al.
It is an object of the invention to enable a system to monitor and control a networked environment.
It is another object of the invention to enable the system to provide high-availability, rapid fault recovery, out of band condition signaling and/or other quality of service assurances and security in a networked environment.
It is another object of the invention to enable the system to detect and prevent a network-based attack such as, for example, a denial of service attack.
These and other objects are achieved by the present invention. In one aspect, a method of the present invention includes the step of providing a processing system (e.g., a general purpose computer, a specific purpose computer, a network router, a network switch, or other processing device) with at least two operating systems, which are referred to as a supervisory operating system and a secondary operating system. In one embodiment, the secondary operating system is a task supervised by the supervisory operating system. The supervisory operating system may be a real-time operating system, but this is not a requirement.
The method also includes the step of providing a Network Control Software (NCS) in the supervisory operating system. The NCS is an application of the supervisory operating system and is interposed between hardware network device drivers and network clients in the secondary operating system. These network clients may communicate with the NCS via protocol stacks of the secondary operating system or directly, for example, using shared memory or a pseudo-device interface. The NCS is also able to communicate with the clients in the secondary operating system by reading and modifying state information in the secondary operating system and in the client application software.
Because the NCS is interposed between hardware network device drivers and network clients in the secondary operating system, the NCS may be configured to monitor and control network operations in the secondary operating system. For example, the NCS may be configured to monitor and/or control communication channels of the secondary operating system, provide high speed fail-over, protect against network based attacks, and provide a quality-of-service system that reduces resource contention for critical services.
In one embodiment, the NCS may monitor and control a networked environment. For example, the NCS may gather information from a network client message stream and from the protocol stacks implemented in the secondary operating system. The NCS may operate across the boundaries of the protocol stacks in the secondary operating system. For example, the NCS can gather information about the timing of a protocol implemented in the secondary operating system, even if the protocol does not itself track this information. The NCS can interpose control information into a data stream and/or capture this information from a data stream, and the NCS may relate and coordinate the operation of different protocols even if those protocols are logically unrelated within the secondary operating system.
Further, in the embodiments where the supervisory operating system is a real-time operating system, the NCS can operate to impose precise timing on its actions through the real-time capabilities of the supervisory operating system. For example, the NCS may be configured to send periodic updates of state to neighboring computer systems at precise intervals. Further, the NCS can inspect and modify the state of the protocol stacks and network clients in the secondary operating system. For example, the NCS may make use of a sophisticated TCP or T/TCP stack in the secondary operating system, but intervene to prevent waste of resources if the NCS detects a condition that is not detectable by the TCP or T/TCP protocol.
Advantageously, one of the applications of the NCS is that it can transparently add functionality to enhance existing network protocol stacks and applications in the secondary operating system. For example, instead of attempting to modify a complex and highly tuned T/TCP protocol stack to prioritize transactions with a certain remote computer, the NCS can be used to impose this prioritization on the T/TCP stack of the secondary operating system by, for example, discarding or delaying messages from lower priority computers transparently to the T/TCP stack.
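The interposition described in the preceding paragraphs, as an added example in C that is not code from this application's appendix: a receive-path filter sitting where the NCS sits, between a hardware driver and the secondary operating system's IPv4 stack. Every received frame passes through ncs_rx_filter(), which (a) records per-peer arrival times that the IP stack itself does not keep, so ncs_stale_peers() can report a silent neighbor long before TCP would, (b) discards a flood from a single source before it reaches the stack, and (c) delays frames from lower-priority peers while a priority-0 peer is active, leaving the stack above unmodified. The structure and function names, the allow-list policy for unknown sources, and the policy values are assumptions for this example; the frame builder produces constructed test input only.

```c
/* Added illustration, not the appendix's code: a receive-path filter in the position the
 * NCS occupies, between a NIC driver and the secondary OS's IPv4 stack. Names are assumed. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_HLEN 14
#define IPV4_HLEN 20
#define ETHERTYPE_IPV4 0x0800u
#define NCS_MAX_PEERS 8
#define IPV4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

enum ncs_verdict { NCS_PASS, NCS_DELAY, NCS_DROP };

struct ncs_peer {
    uint32_t addr;            /* IPv4 source address, host byte order */
    unsigned priority;        /* 0 = highest */
    int seen;                 /* at least one frame has arrived */
    uint64_t last_rx_ns;      /* arrival time of the most recent frame */
    uint64_t window_start_ns; /* start of the current rate-limit window */
    uint32_t rx_in_window;    /* frames counted in that window */
};

struct ncs_state {            /* policy values are assumptions, set by the caller */
    struct ncs_peer peers[NCS_MAX_PEERS];
    size_t npeers;
    uint64_t stale_after_ns;  /* silence longer than this marks a peer as failed */
    uint64_t window_ns;       /* rate-limit window length */
    uint32_t max_per_window;  /* frames one peer may send per window */
    uint64_t busy_ns;         /* lower-priority peers are held this long after priority-0 traffic */
    int prio0_seen;
    uint64_t last_prio0_rx_ns;
};

static struct ncs_peer *ncs_find_peer(struct ncs_state *s, uint32_t addr)
{
    for (size_t i = 0; i < s->npeers; i++)
        if (s->peers[i].addr == addr) return &s->peers[i];
    return NULL;
}

/* IPv4 source address of an Ethernet II frame; -1 if the IPv4 header is malformed. */
static int ncs_ipv4_src(const uint8_t *frame, size_t len, uint32_t *src)
{
    if (len < ETH_HLEN + IPV4_HLEN) return -1;
    const uint8_t *ip = frame + ETH_HLEN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < IPV4_HLEN || len < ETH_HLEN + ihl) return -1;
    *src = IPV4(ip[12], ip[13], ip[14], ip[15]);
    return 0;
}

/* Called for every received frame before the secondary OS stack sees it. */
static enum ncs_verdict ncs_rx_filter(struct ncs_state *s, const uint8_t *frame,
                                      size_t len, uint64_t now_ns)
{
    uint32_t src;
    if (len < ETH_HLEN) return NCS_DROP;                                             /* runt */
    if ((((unsigned)frame[12] << 8) | frame[13]) != ETHERTYPE_IPV4) return NCS_PASS; /* ARP etc. */
    if (ncs_ipv4_src(frame, len, &src) != 0) return NCS_DROP;                        /* malformed */
    struct ncs_peer *p = ncs_find_peer(s, src);
    if (!p) return NCS_DROP;   /* assumed policy: only configured peers are admitted */

    p->seen = 1;               /* liveness bookkeeping the IP stack itself does not keep */
    p->last_rx_ns = now_ns;
    if (now_ns - p->window_start_ns >= s->window_ns) { p->window_start_ns = now_ns; p->rx_in_window = 0; }
    if (++p->rx_in_window > s->max_per_window) return NCS_DROP;   /* flood from one source */

    if (p->priority == 0) {    /* critical peer: record its activity and pass */
        s->prio0_seen = 1;
        s->last_prio0_rx_ns = now_ns;
        return NCS_PASS;
    }
    /* Lower-priority traffic is held while a critical peer is active; the stack above
     * just sees a slower link and is not modified. */
    if (s->prio0_seen && now_ns - s->last_prio0_rx_ns < s->busy_ns) return NCS_DELAY;
    return NCS_PASS;
}

/* Peers silent longer than stale_after_ns: the prompt failure signal TCP lacks. */
static size_t ncs_stale_peers(const struct ncs_state *s, uint64_t now_ns, uint32_t *out, size_t max_out)
{
    size_t n = 0;
    for (size_t i = 0; i < s->npeers && n < max_out; i++)
        if (s->peers[i].seen && now_ns - s->peers[i].last_rx_ns > s->stale_after_ns) out[n++] = s->peers[i].addr;
    return n;
}

/* Constructed test input: minimal Ethernet II + IPv4 header, zero payload, no checksum. */
static size_t ncs_build_ipv4_frame(uint8_t *buf, size_t cap, uint32_t src, uint32_t dst)
{
    if (cap < ETH_HLEN + IPV4_HLEN) return 0;
    memset(buf, 0, ETH_HLEN + IPV4_HLEN);
    buf[12] = 0x08;                                             /* EtherType 0x0800 (IPv4) */
    uint8_t *ip = buf + ETH_HLEN;
    ip[0] = 0x45; ip[3] = IPV4_HLEN; ip[8] = 64; ip[9] = 17;   /* v4 IHL 5, length, TTL, UDP */
    for (int i = 0; i < 4; i++) { ip[12 + i] = (uint8_t)(src >> (24 - 8 * i)); ip[16 + i] = (uint8_t)(dst >> (24 - 8 * i)); }
    return ETH_HLEN + IPV4_HLEN;
}
```

In use, the driver's receive hook calls ncs_rx_filter() with the frame and a timestamp taken by the supervisory operating system, queues NCS_DELAY frames for later delivery, and a periodic task polls ncs_stale_peers() to raise a fail-over event. Timestamps come from the supervisory system rather than from the secondary stack precisely so that its scheduling cannot delay them; the one-second stale threshold and the 1 ms / 3-frame rate window below are illustrative values, not ones the application specifies.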
The above and other features and advantages of the present invention, as well as the structure and operation of preferred embodiments of the present invention, are described below with reference to the accompanying drawings.