Computers communicate over a network using the TCP/IP protocol (or, much less commonly, other protocols). Specifically, such computers communicate by transmitting information in TCP/IP packets onto the network, and by receiving information in TCP/IP packets from the network. TCP and IP protocols are complex. In conventional computer architecture, the host processor (e.g., the central processing unit (CPU)) may expend a considerable amount of processing power to perform the TCP/IP protocol processing.
Devices called TCP Offload Engines (TOE) have therefore been developed. A TOE is a technology for acceleration of TCP/IP by moving TCP/IP processing to a separate dedicated controller off the main host processor. This separate dedicated controller is often realized on extension cards called network interface cards (NIC). A NIC card that includes a type of TOE device is sometimes called an intelligent network interface card (iNIC).
A TOE or other network processor offload typically partially or completely replicates the host processor's network stack. Unfortunately, generic network filtering (for example, as a component of a firewall), cannot be applied across a system wherein one or more of the host processors employs a NIC(s) with TOE(s) or other network offload(s) since each of the offload mechanisms might be different, as well as their interfaces. Conventionally, the same network filter solution cannot be applied across multiple locations within such a system, but rather, customization per implementation location is needed in order to employ a network filter.