| Linux 2.6内核IPSec支持机构的研究与分析 |
| |
| 引用本文: | 周莉,黄宪,陆建德.Linux 2.6内核IPSec支持机构的研究与分析[J].微机发展,2007,17(5):191-194. |
| |
| 作者姓名: | 周莉 黄宪 陆建德 |
| |
| 作者单位: | 苏州市职业大学计算机工程系 江苏苏州215000(周莉),苏州大学计算机学院 江苏苏州215006(黄宪,陆建德) |
| |
| 基金项目: | 江苏省自然科学基金资助项目(BK2004039) |
| |
| 摘 要: | 新的Linux2.6内核提供了对IPSec的支持机构,文中对Linux 2.6内核中新加入的IPSec代码进行了深入分析。对比先前不支持IPSec的网络协议栈的Linux内核,揭示了Linux 2.6内核“无缝”接入IPSec处理的方法;阐述了内核中IPSec重要组件——安全关联SA、安全策略的设计思想以及相关数据库SAD和SPD的构建方法;分析了基于Netlink套接字通信的内核IPSec管理模块、内核加密算法函数库,总结出一套Linux 2.6内核IPSec支持机构提供给用户进程的调用方法。
|
| 关 键 词: | IPSec 安全关联 安全策略 Netlink套接字 |
| 文章编号: | 1673-629X(2007)05-0191-04 |
| 修稿时间: | 2006年8月10日 |
Research and Analysis of IPSec Support Mechanism in Linux Kernel 2.6 |
| |
| ZHOU Li,HUANG Xian,LU Jian-de.Research and Analysis of IPSec Support Mechanism in Linux Kernel 2.6[J].Microcomputer Development,2007,17(5):191-194. |
| |
| Authors: | ZHOU Li HUANG Xian LU Jian-de |
| |
| Affiliation: | ZHOU Li2,HUANG Xian1,LU Jian-de1 |
| |
| Abstract: | New Linux kernel 2.6 has provided the IPSec support mechanism,and this paper has made thorough analysis to the IPSec code embedded in Linux kernel 2.6.Compares the Linux 2.6 kernel's protocol stack with previous kernels'that don't support IPSec,and unleashes the methods of the IPSec seamless integration in Linux 2.6 kernel.It illustrates the design thoughts of SA and SP structures that are both important IPSec elements,and constructing methods of SAD and SPD.Also analyzed the management module that based on the communication of Netlink sockets and the crypto function bank,and summarized a suit of methods that provided by IPSec support mechanism in Linux kernel 2.6 that can be utilized by user process. |
| |
| Keywords: | IPSec security association security policy Netlink socket |
| 本文献已被 CNKI 等数据库收录! |
