This paper introduces the principles of ISAKMP, a protocol used for dynamic key exchange, and explains the theory of IPC (Inter-Process Communication) and a new socket type, PF_KEY, together with their messaging activity and related operations. It mainly analyzes the procedure for building messages in the kernel and communicating them to applications, and the methods for managing messages and the SADB. It then presents a design for IPC between the kernel and applications based on the PF_KEY protocol, which lets various users communicate with each other over dynamically created channels. Finally, the paper analyzes the weakness of IPSec and gives some suggestions for further development by combining IPSec with PKI.