After taking safety, processing speed and development circle into consideration, a new project based on Linux2.4 kernel dividing IPSec protocol into complex computational operation and CPU-bound operation is given in the paper. Operations about protocol analysis as well as data packaging are fulfilled by main processor, while operations about encryption, decryption and authentication are implemented by special hardware encryption card, and moreover, related interface functions are shown clearly which is helpful for re-development. Special driver system is designed under Linux operation system, and high speed as well as stable DMA data transfer is implemented. It is illuminated from the experiment results that this project has good merits such as high security, high speed and perfect expandability with a promising application prospect.%在综合考虑安全性、处理速度及开发周期的基础上,针对Linux2.a内核提出了将IP$ee协议分解为由主处理器实现的计算复杂型操作和由硬件加密卡实现的计算密集型操作的方案.主处理器进行协议解析、数据包的封装等操作,专用加密卡实现加解密、认证等高强度计算,并给出了相关的接II函数方便用户进行二次开发.专门设计了Linux操作系统下加密卡的驱动,实现了高速稳定的DMA数据传输.实验结果表明该方案具有高安全性、高速及良好的可扩展性等优点,具有良好的应用前景.
展开▼
