| Alone with rapid of development of computer networks, security of information is confronted with new questions that did not appear in the era of stand-alone computer system. How to protect the security of Internet has become the focus of the people attention. Security gateway , as a typical facility of network security betweenIAN (Local Area Net ) and Internet can effectively resist two main threats-----initiative attack and communications security that is faced with by information sysytem under the circumstances of network.But because of security gateway's logical position, it is potential bottleneck of forwarding efficiency in the process of network communication. How to improve the forwarding efficiency of security gateway has become a focus of research about security gateway.According bad forwarding efficiency of security gateway, this paper put forward a new kind of design of data forwarding platform using in security gateway , based on detailed analysis of Linux kernel that is a free software. The guide line of this platform followed. Different type datagram received is difined as different priority and some kernel thread that have different priority corresponding datagram's priority is created. These kernel thread is scheduled base on their priority, and the heighest priority thread holds CPU and does forwarding task. Then the heighest priority datagram is forwarded as quickly as possible.The research work mentioned in this paper is mainly about:1. The network section of Linux kernel 2.4.0 is detailed analyzed. Its working theory is discussed. According RTL8139 that is a kind of the prevalent Ethernet NIC(Net Interface Card), net interface's working theory under Linux is set forth . The difference between network section under Linux and datagram forwarding platform that will be build is pointed out.2. This paper put forword a kind of design Linux kernel thread instead of network section under Linux is used on platform. In this design, the goal forwarding datagram based on its priority is realized by using the guide line of that is the heighest process secheduled in multi processes Operation System. For realizeing this design, firstly the process management of Linux kernel 2.4.0 is analyzed and Its working theory about schedule occasion, schedule policy, schedule mode is discussed. The difference between process management under Linux and kernel management of datagram forwarding platform that will be build is pointed out and some resolved way is gived. At last, the detail of realizing this platform is introduced.3. Security gateway architecture based on Linux is put forward. Somemain relevant technology is introduced,for example encryption and digital signature, tunnel technology. Pay attention to research on IPSec protocol, and put subclass of it on new forwarding platform .By this way ,a security gateway with basic security function is builded.The security gateway constructed in this paper is only a prototype, perfecting this security gateway is a emphasis of following work. |
PDF Full Text Request