[1]周莉 黄宪 陆建德.Linux2.6内核IPSec支持机构的研究与分析[J].计算机技术与发展,2007,(05):191-194.
 ZHOU Li,HUANG Xian,LU Jian-de.Research and Analysis of IPSec Support Mechanism in Linux Kernel 2.6[J].,2007,(05):191-194.
点击复制

Linux2.6内核IPSec支持机构的研究与分析()
分享到:

《计算机技术与发展》[ISSN:1006-6977/CN:61-1281/TN]

卷:
期数:
2007年05期
页码:
191-194
栏目:
智能、算法、系统工程
出版日期:
1900-01-01

文章信息/Info

Title:
Research and Analysis of IPSec Support Mechanism in Linux Kernel 2.6
文章编号:
1673-629X(2007)05-0191-04
作者:
周莉2 黄宪1 陆建德1
[1]苏州大学计算机学院[2]苏州市职业大学计算机工程系
Author(s):
ZHOU Li HUANG Xian LU Jian-de
[1]School Of Computer; Suzhou Univ[2]Department of Computer Engineering, Suzhou Vocational College
关键词:
IPSec安全关联安全策略Netlink套接字
Keywords:
IPSec seeurity association security policy Netlink socket
分类号:
TP311
文献标志码:
A
摘要:
新的Linux2.6内核提供了对IPSec的支持机构,文中对Linux2.6内核中新加入的IPSec代码进行了深入分析。对比先前不支持IPSec的网络协议栈的Linux内核,揭示了Linux 2.6内核“无缝”接入IPSec处理的方法;阐述了内核中IPSec重要组件——安全关联SA、安全策略的设计思想以及相关数据库SAD和SPD的构建方法;分析了基于Netlink套接字通信的内核IPSec管理模块、内核加密算法函数库,总结出一套Linux 2.6内核IPSec支持机构提供给用户进程的调用方法
Abstract:
New Linux kernel 2.6 has provided the IPSec support mechanism, and this paper has made thorough analysis tO the IPSec code embedded in Linux kernel 2.6. Compares the Linux 2.6 kernel' s protocol stack with previous kernels' that don' t suppoix IPSee, and un, leashes the methods" of the IPSec seamless integration in Linux 2.6 kemel. It illustrates the design thoughts.of SA and SP structures that are both important IPSec elements,and constructing methods of SAD and SPD. Also analyzed the management module that based on the communication of Netlink sockets and the crypto function hank,and summarized a suit of methods that provided by IPSec support mechanism in Linux'kernet 2.6 that can be utilized by user process

相似文献/References:

[1]蓝集明 陈林.对IPSec中AH和ESP协议的分析与建议[J].计算机技术与发展,2009,(11):15.
 LAN Ji-ming,CHEN Lin.Analysis and Suggestion on the AH and ESP in IPSec[J].,2009,(05):15.
[2]罗恒洋.IPSec在MPLS VPN中的应用[J].计算机技术与发展,2009,(03):168.
 LUO Heng-yang.Application of IPSec in MPLS VPN[J].,2009,(05):168.
[3]高振栋.动态IP环境下IKEv2扩展设计与改进[J].计算机技术与发展,2008,(12):162.
 GAO Zhen-dong.Design and Realization of IKEv2 with Dynamic IP Address[J].,2008,(05):162.
[4]乔加新.OPC XML数据通信安全模型的研究[J].计算机技术与发展,2007,(07):148.
 QIAO Jia-xin.Research on Security Model Used for OPC XML Data Communication[J].,2007,(05):148.
[5]郭铃 李伟生.SSL VPN的设计与实现[J].计算机技术与发展,2007,(08):148.
 GUO Ling,LI Wei-sheng.Design and Implementation of SSL VPN[J].,2007,(05):148.
[6]江伟 苏本跃 周健.IPSec在基于IPv6的校园网安全中的应用研究[J].计算机技术与发展,2007,(02):229.
 JIANG Wei,SU Ben-yue,ZHOU Jian.Research on Application of IPSec at Campus Network of IPv6[J].,2007,(05):229.
[7]张朝伟 李伟生.无线应用场景下基于IPsec VPN的研究与实现[J].计算机技术与发展,2007,(04):104.
 ZHANG Chao-wei,LI Wei-sheng.Research and Implementation of IPsec VPN under Wireless Network Scenarios[J].,2007,(05):104.
[8]魏臻 杨海潮.一种改进的IPSec穿越NAT方案[J].计算机技术与发展,2006,(08):80.
 W-EI Zhen,YANG Hai-chao.An Improved IPSec- NAT Traversal Solution[J].,2006,(05):80.
[9]王心灵 朱学永 郑美.IPSec实现保密数据传输的技术研究[J].计算机技术与发展,2006,(08):235.
 WANG Xin-ling,ZHU Xue-yong,ZHENG Mei.Research on Applied IPSec Technology to Implement Secret Information Transportation[J].,2006,(05):235.
[10]庞磊 蒋炎河 何德峰.分布式VPN网关及其密钥协商的同步[J].计算机技术与发展,2006,(09):216.
 PANG Lei,JIANG Yan-he,HE De-feng.A VPN Gateway Based on Distributed System and Synchronization of Its Key Exchange[J].,2006,(05):216.

备注/Memo

备注/Memo:
江苏省自然科学基金资助项目(BK2004039)周莉(1980-),女,江苏江阴人,硕士,助教,研究方向为计算机网络与网络安全;陆建德,教授,研究方向为计算机网络协议分析设训网络安全
更新日期/Last Update: 1900-01-01