As a security technology framework, IPSec greatly enhances the safety of network communication. As an important part of that framework, the PF_KEY protocol lets the IKE process communicate conveniently with the SADB in the kernel. This article first briefly introduces the basic concepts, the position and the basic principles of the PF_KEY protocol. It then analyses the message behaviors and relevant operations of the PF_KEY protocol. Next, it discusses in detail the implementation of version 2 of the PF_KEY protocol in the Linux kernel. This covers the establishment and closure of the PF_KEY socket, the composition of PF_KEY messages, the send and receive operations for PF_KEY messages, and some problems encountered in the course of implementation. Finally, the article summarizes the work done and gives further design thoughts based on the weaknesses of the IPSec security gateway.