| 基于Unix流机制的IPSec内核实现与改进 |
| |
| 引用本文: | 孔凡玉,于佳,李大兴.基于Unix流机制的IPSec内核实现与改进[J].计算机工程,2005,31(3):48-50. |
| |
| 作者姓名: | 孔凡玉 于佳 李大兴 |
| |
| 作者单位: | 山东大学网络信息安全研究所,济南,250100;山东大学网络信息安全研究所,济南,250100;山东大学网络信息安全研究所,济南,250100 |
| |
| 基金项目: | 国家“863”计划基金资助项目(2001AA141120) |
| |
| 摘 要: | 在分析Unix的流机制(Streams)的基础上,详细论述了unix系统下IPSec内核模块的实现方法:以流模块的方式实现IPSec内核,并且利用流机制的PUSH操作将其配置在TCP/IP协议栈中。最后,给出了提高IPSec内核模块处理性能的几种方法,包括修改MTU值以避免IP包分片、调节流核心资源和采用硬件芯片加密等。
|
| 关 键 词: | 流机制 内核 流模块 IPSec协议 |
| 文章编号: | 1000-3428(2005)03-0048-03 |
Implementation and Improvement of IPSec Kernel Based on Unix Streams Mechanism |
| |
| KONG Fanyu,YU Jia,LI Daxing.Implementation and Improvement of IPSec Kernel Based on Unix Streams Mechanism[J].Computer Engineering,2005,31(3):48-50. |
| |
| Authors: | KONG Fanyu YU Jia LI Daxing |
| |
| Abstract: | Based on the principles and techniques of Unix streams mechanism, the implementation method of IPSec kernel module in Unix is discussed in detail: IPSec kernel module is implemented as a stream module and it is located into TCP/IP stack by PUSH operation. Furthermore, some suggestions of improving the processing performance of IPSec module are presented: modifying MTU value to avoid IP fragmentation, tuning the streams kernel resources and adopting crypto-chips for cryptographic operations. |
| |
| Keywords: | Streams mechanism Kernel Streams module IPSec |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
