| This paper realized the stateful inspection in Linux kernel. For such purpose, the author studied the kernel intensively, then dynamically modified the network flow of the operation system by module programming, forbad all network operations of the system applications, prevented the hacker from attacking the firewall, obscured the fingerprint of TCP/IP protocol suites; familiarized with use of timer in kernel by a number of attempt, resolved the two important technical problem that were emergencing during developingt hef irewall whichup on the Linux kernel.Based on mastering the system of Internet at large, and read the relative RFC documents, the paper came true the ARP protocol, and the firewall's transparent mode by ARP proxy,so the network parameter wouldn't be modified when the firewall put into use; ameliorated the fragement reassembly algorithm; made a deeply disquisition on the fast checksum;developed a forworded IP protocol suite which was specially designed for the firewall,replaced the general_purpose IP protocol suite of the system, impoved the efficiency greatly; actualized the NAT function by detail analyse all kinds of datagram (especial for the FTP and IMCP datagram) and heavy work at programming; and at last achieved the stateful inspection technology with the experience that originedf rom NAT.
|
PDF Full Text Request