VMware, Inc.
POLICY BASED MECHANISM TO EFFICIENTLY INTERPRET AND BLOCK INSECURE NETWORK COMMUNICATION

Abstract:

The disclosure provides an approach for network security. Embodiments include receiving, by a kernel of a first machine, via a hook in a protocol stack of the first machine, one or more packets of a connection between the first machine and a second machine Embodiments include generating a metadata object for the connection based on at least a subset of the one or more packets. Embodiments include adding the one or more packets to a queue accessible by a security component of the first machine. Embodiments include determining, based on the metadata object, whether to continue capturing additional packets of the connection. Embodiments include receiving, from the security component, a security determination regarding the connection based on the one or more packets. Embodiments include performing an action with respect to the connection based on the security determination.