| By using the technologies of encryption, authentication, accessing controlling, tunnel, protocol encapsulation etc, VPN (Virtual Private Network) provides a viable approach to transfer data through Internet safely. The target of our project is to develop an IPSec VPN gateway based on the lBM405ep hardware and embedded Linux OS, and the main work is composed with the porting of embedded Linux and the realizing of IKEv2 (Internet Key Exchange version 2) system. As a part of the project, this paper mainly discussed the implementation of the embedded Linux and the kernel message disposing module of IKE system. Because Linux kernel adopts Monolithic kernel structure and is closed with the hardware platform, the porting of kernel becomes very hard, while this part also is the key and difficulty of the paper.First the paper prominently introduced the process and details of porting Linux kernel, which includes four aspects: building cross compiler, analyzing booting code and the portability of kernel, modifying and cutting down the kernel code. Then the foundation of root file system is also discusseded in this paper.On the basis of analyzing IKEv2, and according to the rule of "minimal realization", a total design scheme was put forward. The paper prominently designed and implemented the PF_KEY V2 protocol, which mainly provides the communication interface between IKE and SADB. The realization of the interface adopts the modularization thought and includes four prime modules: initialization module, message disposal module, message establishment module and PF_KEY communication module.Finally, the compiled image was tested and run on the IBM405ep hardware platform. The test results showed: the embedded Linux runs well, satisfy the requirement of VPN gateway completely; and the IKEv2 system can communicate with secure databases in kernel using PF_KEY interface and implement the management and maintenance of Security Association. |
PDF Full Text Request