DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-4, 7, 9-12, 15-18, and 20-22 are pending in this application.

Response to Arguments
Applicant' s arguments regarding the rejections of claims 1-4, 6-12, 14-22 under 35 U.S.C. 112a have been fully considered and are persuasive. The rejections have been withdrawn. 

Applicant' s arguments regarding the rejections of claims 1-4, 6-8 and 16-21 under 35 U.S.C. 112b have been fully considered and are persuasive. The rejections have been withdrawn. However, new 35 U.S.C. 112b rejections are applied to claims 1-4, 7, 9-12, 15-18, 20-22.

Applicant's arguments regarding the 35 U.S.C. 103 rejections of claims 1-4, 6-12, 14-20 have been fully considered but they are not persuasive. 
Regarding the 35 U.S.C. 103 rejection, the applicant argues the following in the remarks:
Rediger, Hlavatý, and Borkmann fail to teach requesting enumeration of a set of runtime-computed values comprising the runtime-computed value. 
Rediger, Hlavatý, and Borkmann fail to teach all features of the dependent claims. 

Examiner has thoroughly considered Applicant' s arguments, but respectfully finds them unpersuasive for at least the following reasons:
As to point (a), the examiner respectfully disagrees. Borkmann recites on pg. 37 Section: BPF Return Code After running the XDP BPF program, a verdict is returned from the program in order to tell the driver how to process the packet next. In the linux/bpf.h system header file all available return verdicts are enumerated: enum xdp_action {XDP_ABORTED=0, XDP_DROP, XDP_PASS, XDP_TX, XDP_REDIRECT,}. The actions XDP_ABORTED=0, XDP_DROP, XDP_PASS, XDP_TX, XDP_REDIRECT are runtime-computed values that are enumerated. 

As to point (b), the examiner respectfully disagrees. Applicant's arguments regarding dependent claims fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the dependent claims define a patentable invention without specifically pointing out how the language of the dependent claims patentably distinguishes them from the references.

Claim Objections
Claims 7 and 15 are objected to because of the following informalities: they recite “the bytecode” but claim 1 recites “the bytecode of the network pack processing component” so claims 7 and 15 should be amended to be consistent. Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-4, 7, 9-12, 15-18, 20-22 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
As per claim 1:
	Lines 12-13 recite “responsive to determining that the bytecode of the network packet processing component comprises at least one of the first command or the second command” but it is unclear what component is making the determination. 
Lines 16-17 recite “causing a software implementation of the network packet processing component to be executed” but it is unclear on what the software implementation of the network packet processing component is to be executed on. 
	Line 18 recites “requesting enumeration of a set of runtime-computed values” but it is unclear what is requesting enumeration and what the request is directed at in order to start enumerating the set of runtime-computed values. 
	
As per claims 1 and 9 (line numbers refer to claim 1):
	Line 13 recites “the first or the second command” and that lacks antecedent basis because line 10 merely recites “a command”. 

As per claims 7 and 15 (line numbers refer to claim 7):
Line 1 recites “the call” which lacks antecedent basis. 	
Lines 1-2 recite “the call to the network pack processing component library” but it is unclear what is making the call to the library. 
Lines 1-2 recite “the network packet processing component library” which lacks antecedent basis.

As per claims 9 and 16 (line numbers refer to claim 9):
	Line 1 recites “a system for supporting hardware offload” but it is unclear how the system supports hardware offload when a software implementation of the network packet processing component is executed when a device driver detects the redirect flag.  

Claims 2-4, 10-12, 17-18, 20-22 are dependent claims of claims 1, 9, and 16, respectively. Therefore, they are rejected for the same reasons as claims 1, 9, and 16 above.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-4, 9-12, 16-18, and 20-22 are rejected under 35 U.S.C. 103 as being unpatentable over Rediger et al. (Network Function Offloading in Virtualized Environments herein Rediger) in view of Hlavatý et al. (Network Interface Controller Offloading in Linux herein Hlavatý) and further in view of Borkmann et al. (BPF and XDP Reference Guide herein Borkmann).
Rediger, Hlavatý, and Borkmann were cited in a previous office action.
As per claim 1, Rediger teaches the invention substantially as claimed including a method, comprising: receiving, by a privileged component executed by a processing device, bytecode of a network packet processing component from an unprivileged component executed by the processing device (pg. 20 Fig. 4.1; pg. 6 2.2 Implementation of Network functions paragraph 1 lines 2-5 One way is to write small applications that are executed on each received network packet and which can then read, modify, retransmit or drop these packets. This can be achieved with a technology available in the Linux kernel since the 1990s, which is now known as classic Berkeley Packet Filter (cBPF); pg. 16 3.3 Impact on Security paragraph 3 line 5 Programs are given as BPF bytecode; pg. 20 paragraph 1 lines 3-8 In order to move network functions from guest systems into the host system and attach them to the NIC of the host machine, we provide a privileged application, bpfd, which receives BPF programs from guest domains (as unprivileged component). On the guest side, a user-space application offloads BPF programs using the provided libxenbpf library, which communicates with the application in the host. BPF programs offloaded from guests);
analyzing, by the privileged component, the bytecode of the network packet processing component to determine whether the bytecode of the network packet processing component comprises a command that returns a runtime-computed value generated by the network packet processing component; determining that the bytecode of the network packet processing component comprises at least one of the first command or the second command (pg. 7 2.2.1 The BPF Virtual Machine paragraph 3 lines 10-11 The kernel (as privileged component) then runs a verifier on the code; pg. 9 2.2.2 BPF Programs as Network Functions paragraph 3 lines 15-19 Multiple helper functions for parsing and modifying a network packet are available when BPF programs are used as network actions. The program’s return value determines further actions and can signal that the packet should be dropped immediately, was retransmitted to one of the available network interfaces; pg. 35 5.5 User-space Verifier paragraph 1 line 5-paragraph 2 line 2 We add our own user-space verifier to filter potentially harmful code. As BPF bytecode instructions are always of a fixed size, we can easily iterate over the given bytecode and extract single instructions. The instructions can then be validated and if necessary be replaced, new instructions can be added, or the full program can be rejected. We implemented two verifier passes. The first one checks for calls to the redirect helper functions in BPF, clone_redirect and redirect; pg. 8 paragraph 5 lines 4-7 Using program maps it is possible to jump into other existing BPF programs. This is called a tail-call. When doing a tail-call, the kernel looks up another BPF program by its internal pointer stored in a program map and jumps into the associated code; pg. 35 5.5 User-space Verifier paragraph 3 lines 1-2 The second pass checks for arbitrary tail-calls, again identified by a helper function call; The command that returns a runtime value is taught because the specification of the instant application discloses that the command that returns a runtime-computed value can be an indirect jump command and Rediger teaches a jump call which looks up an internal pointer to jump to code.).

Rediger teaches determining that the bytecode of the network packet processing component comprises at least one of the first command or second command, but fails to teach responsive to the determination, setting a redirect flag maintained by the privileged component; and responsive to detecting, by a device driver, the redirect flag, causing a software implementation of the network packet processing component to be executed; and requesting enumeration of a set of runtime-computed values comprising the runtime-computed value.  

However, Hlavatý teaches responsive to determining that the bytecode of the network packet processing component comprises at least one of the first command or the second command, setting a redirect flag maintained by the privileged component; and responsive to detecting, by a device driver, the redirect flag, causing a software implementation of the network packet processing component to be executed (pg. 31 4.2 Features paragraph 1 lines 1-2 The flag set serves as a shared data structure at multiple places in the kernel (as privileged component); pg. 44 paragraph 3 lines 1-2 another type of runtime entity was introduced – an action; pg. 45 4.5.6 Offloading paragraph 6 line 15-pg. 46 line 2 We can see that the driver recognizes actions to drop the packet (as redirection to the drop queue) and to redirect the packet to another function of the same device. If the action is not supported, the rule cannot be offloaded; pg. 46 paragraph 5 lines 2-3 For relevant classifiers, two flags can be specified: skip_hw and skip_sw. When skip_hw is set, the rule will not be offloaded; pg. 41 paragraph 3 line 1 XDP (as network packet processing component) can be offloaded to the hardware; pg. 49 bullet point 2 lines 2-3 it can be offloaded only when the NIC (as hardware) is compatible; pg. 50 bullet point 5 When the work cannot be offloaded, doing the work in software should not be extremely expensive when it comes to performance; pg. 31 4.2 Features paragraph 1 lines 1-3 For every network interface, there is a set of flags called features. The flag set serves as a shared data structure at multiple places in the kernel. Most notably, the driver uses them to report the capabilities of the NIC).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined Rediger with the teachings of Hlavatý because Hlavatý’s teaching of doing a software implementation when there a flag indicating that there is a redirect action prevents incompatible actions from being performed on hardware (see Hlavatý, pg. 49 bullet point 2 lines 2-3 it can be offloaded only when the NIC is compatible).	

Rediger and Hlavatý fail to teach requesting enumeration of a set of runtime-computed values comprising the runtime-computed value.

However, Borkmann teaches requesting enumeration of a set of runtime-computed values comprising the runtime-computed value (pg. 37 Section: BPF Return Code After running the XDP BPF program, a verdict is returned from the program in order to tell the driver how to process the packet next. In the linux/bpf.h system header file all available return verdicts are enumerated: enum xdp_action {XDP_ABORTED=0, XDP_DROP, XDP_PASS, XDP_TX, XDP_REDIRECT,}; pg. 4 paragraph 8 line 3 provides the mapping of a specific enum bpf_func_id to one of the available helpers for a given BPF program type; pg. 42 paragraph 9 lines 6-7 By utilizing the bpf_redirect() helper function, BPF can take over the forwarding logic to push the packet either into the ingress or egress path of another networking device.).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined Rediger and Hlavatý with the teachings of Borkmann because Borkmann’s teaching of enumerating runtime-computed values allows for the driver to know how to process the packet next (see Borkmann, pg. 37 Section: BPF Return Code lines 1-2 After running the XDP BPF program, a verdict is returned from the program in order to tell the driver how to process the packet next. In the linux/bpf.h system header file all available return verdicts are enumerated).
	
As per claim 2, Rediger, Hlavatý, and Borkmann teach the method of claim 1. Rediger specifically teaches wherein the network packet processing component comprises a set of instructions implementing one or more rules to process the network packets (pg. 9 2.2.2 BPF Programs as Network functions paragraph 3 lines 2-11 Integration into the network stack of Linux allows powerful programs implemented in BPF to perform tasks on each incoming network packet… With different queuing disciplines it is possible to further classify or filter network packets and run actions on them. Actions can then drop, forward or retransmit packets; pg. 52 7.3 BPF paragraph 1 lines 8-10 The central server inspects the sampled traffics and generates rules for iptables with some parts compiled to BPF bytecode. These rules are pushed back to the edge servers, where they are applied to block traffic).

As per claim 3, Rediger, Hlavatý, and Borkmann teach the method of claim 1. Rediger specifically teaches wherein the privileged component comprises at least one of a kernel of an operating system (OS) executed by the processing device or a hypervisor executed by the processing device (pg. 14 Fig. 3.1; pg. 2 paragraph 3 lines 5-6 These programs use the existing runtime environment for BPF in the Linux kernel; pg. 10 2.3 Virtual Machine Monitoring paragraph 2 line 1 bare-metal hypervisor is the software layer on top of the hardware).

As per claim 4, Rediger, Hlavatý, and Borkmann teach the method of claim 1. Rediger specifically teaches wherein the unprivileged component comprises an application executed by the processing device or a virtual machine (VM) executed by the processing device (abstract paragraph 2 lines 1-2 virtual guest machines to offload network functions into the host machine; pg. 5 2.1 Network Functions Virtualization paragraph 2 line 6 applications already run on general purpose systems; pg. 11 paragraph 2 line 3 application usually has to invoke a system call).
	
As per claim 9, it is a system claim of claim 1, so it is rejected for the same reasons as claim 1 above. Additionally, Rediger teaches a system for supporting hardware offload, comprising: a memory; a processing device operatively coupled to the memory, the processing device to execute a privileged component to perform operations (pg. 20 Fig. 4.1; pg. 9 2.2.2 BPF Programs as Network Functions paragraph 2 lines 5-6 offloading BPF programs into network device drivers or the hardware; pg. 7 2.2.1 The BPF Virtual Machine The BPF virtual machine has 10 usable registers as well as instructions to access memory; pg. 10 paragraph 2 lines 3-5 Access to hardware, such as the CPU, Network Interface Cards (NIC) or other devices, as well as memory access is handled through the hypervisor; pg. 10 paragraph 2 lines 18-19 The hypervisor can expose necessary functionality to guests through the virtual device and handle privileged actions with the hardware directly). 

As per claims 10, 11, and 12, they are system claims of claims 2, 3, and 4 so they are rejected for the same reasons as claims 2, 3, and 4 above. 

As per claim 16, it is a non-transitory computer-readable media claim of claim 1, so it is rejected for the same reasons as claim 1 above. Additionally, Rediger teaches a non-transitory computer-readable media storing instructions for supporting hardware offload that, when executed, cause a processing device to (pg. 11 Fig. 2.1, pg. 20 Fig. 4.1; pg. 9 2.2.2 BPF Programs as Network Functions paragraph 2 lines 5-6 offloading BPF programs into network device drivers or the hardware; pg. 7 2.2.1 The BPF Virtual Machine paragraph 2 lines 1-4 The BPF environment consists of the specification of an instruction set… The BPF virtual machine has 10 usable registers as well as instructions to access memory; pg. 29 5.2 Communication Channel paragraph 1 lines 4-5 These memory pages are then used for a ring buffer into which the communicating domains can write and read from):… determining that the bytecode of the network packet processing application comprises the command (pg. 35 5.5 User-space Verifier paragraph 1 line 5-paragraph 2 line 1 We add our own user-space verifier to filter potentially harmful code. As BPF bytecode instructions are always of a fixed size, we can easily iterate over the given bytecode and extract single instructions. The instructions can then be validated and if necessary be replaced, new instructions can be added, or the full program can be rejected. We implemented two verifier passes; pg. 8 paragraph 5 lines 4-7 Using program maps it is possible to jump into other existing BPF programs. This is called a tail-call. When doing a tail-call, the kernel looks up another BPF program by its internal pointer stored in a program map and jumps into the associated code; pg. 35 5.5 User-space Verifier paragraph 3 lines 1-2 The second pass checks for arbitrary tail-calls, again identified by a helper function call; The command that returns a runtime value is taught because the specification of the instant application discloses that the command that returns a runtime-computed value is an indirect jump command and Rediger teaches a jump call which looks up an internal pointer to jump to code.).

As per claim 17, it is a non-transitory computer-readable media claim of claim 2, so it is rejected for the same reasons as claim 2 above.

As per claim 18, it is a non-transitory computer-readable media claim of claims 3 and 4, so it is rejected for the same reasons as claims 3 and 4 above.

As per claim 20, Rediger, Hlavatý, and Borkmann teach the non-transitory computer-readable media of claim 16. Rediger specifically teaches wherein the command is an indirect branch instruction (pg. 8 paragraph 5 lines 4-7 Using program maps it is possible to jump into other existing BPF programs. This is called a tail-call. When doing a tail-call, the kernel looks up another BPF program by its internal pointer stored in a program map and jumps into the associated code).

As per claim 21, Rediger, Hlavatý, and Borkmann teach the method of claim 1. Rediger specifically teaches wherein the network packet processing component is an eXpress Data Path (XDP) application (pg. 9 2.2.2 BPF Programs as Network functions offloading BPF programs into network device drivers or the hardware directly using the Express Data Path (XDP)).

As per claim 22, it is a system claim of claim 21, so it is rejected for the same reasons as claim 21 above. 

Claims 7 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Rediger, Hlavatý, and Borkmann, as applied to claims 1 and 9 above, in view of Tamir et al. (US 20190050273 A1 herein Tamir).
Tamir was cited in the IDS filed on 08/26/2019.

As per claim 7, Rediger, Hlavatý, and Borkmann teach the method of claim 1. Rediger specifically teaches the call to the network packet processing component library and the network packet processing component to be compiled into the bytecode (pg. 32 5.6 libxenbpf: User-space Library and API paragraph 1 lines 1-4 we provide a library to handle the inter-domain communication. Our user-space library libxenbpf is a near dropin replacement for functionality normally provided by libbpf, a library for creating, loading and handling BPF programs and maps; pg. 8 paragraph 2 lines 1-6 BPF bytecode can be produced in different ways…A more approachable way is to make use of a compiler. The LLVM compiler toolchain [20] comes with a backend for BPF. This allows a developer to write programs in a restricted set of C and compile it into an object file containing the BPF bytecode). 

Rediger, Hlavatý, and Borkmann fail to teach wherein the call to the network packet processing component library causes the network packet processing component to be compiled into the bytecode.

However, Tamir teaches wherein the call to the network packet processing component library causes the network packet processing component to be compiled into the bytecode ([0054] lines 2-4 application 460 calls a function in BPF library 608 in user space 602 to compile the BPF into bytecode; [0023] lines 1-2 packet processing components in a computing platform).

It would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to have combined Rediger, Hlavatý, and Borkmann with the teachings of Tamir because Tamir’s teaching of calling a library function to compile the network packet processing component into bytecode provides the advantage of reusing work that someone else has already created.

As per claim 15, it is a system claim of claim 7, so it is rejected for the same reasons as claim 7 above.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HSING CHUN LIN whose telephone number is (571)272-8522.  The examiner can normally be reached on Mon - Fri 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Meng-Ai An can be reached on (571)272-3756.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MENG AI T AN/Supervisory Patent Examiner, Art Unit 2195                                                                                                                                                                                                        


/H.L./Examiner, Art Unit 2195