A system and method for providing the ability to selectively share data in
a network routing device with an associated host. The system and method
employs a hardware firewall in the routing device which restricts the
host such that it can only access areas in shared memory which contains
data destined for the host. The routing device CPU notifies the host of
pending data and the location of that data in the shared memory. The
hardware firewall is also notified of the location in shared memory which
the host may access. When the host attempts to read the data, the
firewall ensures that only the stated memory area or areas are accessed
by the host. Once the data has been read by the host, the firewall is
notified to cancel the host's ability to access the shared memory until
such time as a new packet destined for the host arrives in the routing
device.