| Internet is the most popular ,useful and fast developing computer netware,now. The safe of the data in one host in the netware is more and more paid a attention to by people,otherwise,linux OS is used for a server in the net is also more and more popular. But the firewall named netfilter in the linux os is not prefect absolutely for some reason. Ipsec is protocol which can make the ip packed safed when transports in the net. It belongs to AH , ESP and so on, protocol,and ,through safed connection and tunnel technology which can make your data in the net more safely. But just for this point, a ipsec package can not throut the netfilter firewall normally. So, this kind of netfilter is not according with the trend of firewall development.For the assume pointed above, this article have a research on realizing ipsec protocol at the very steady firewall netfilter. So that,netfliter can deal a ipsec package like a normal ip package. First we have a study and abstract to some article about this issue and get the consultion of the bug of the network. And then analyse the mechanism of the netfilter and extending, and also analyse the policy, hook mechanism,and the principle of the throughing of a data package in netfilter. We also analyse netfilter and the part of linux source code( include linux/net source code),and discuss some important data structure, We realize the safty connection and embedding ESP and AH protocol and dealing modulThen we talk about the principle of ipsec and the relation of the different module through read the RFC document. At last, particularly discuss the arithmetic and the realization of ipsec in netfilter, including untie the ipsec package and the way to deal the package according the policy defined by user.It tell us a new way to make the net more safely ,which is getting a new netfliter kernel combined with ipsec protocol. What's more,it also give a new research direction. |
PDF Full Text Request