A runtime adaptable security processor is disclosed. The processor
architecture provides capabilities to transport and process Internet
Protocol (IP) packets from Layer 2 through transport protocol layer and
may also provide packet inspection through Layer 7. Further, a runtime
adaptable processor is coupled to the protocol processing hardware and
may be dynamically adapted to perform hardware tasks as per the needs of
the network traffic being sent or received and/or the policies programmed
or services or applications being supported. A set of engines may perform
pass-through packet classification, policy processing and/or security
processing enabling packet streaming through the architecture at nearly
the full line rate. A high performance content search and rules
processing security processor is disclosed which may be used for
application layer and network layer security. A scheduler schedules
packets to packet processors for processing. An internal memory or local
session database cache stores a session information database for a
certain number of active sessions. The session information that is not in
the internal memory is stored and retrieved to/from an additional memory.
An application running on an initiator or target can in certain
instantiations register a region of memory, which is made available to
its peer(s) for access directly without substantial host intervention
through RDMA data transfer. A security system is also disclosed that
enables a new way of implementing security capabilities inside enterprise
networks in a distributed manner using a protocol processing hardware
with appropriate security features.
