摘要
首先针对防火墙等设备的网络访问控制,讨论了穿越防火墙的隐蔽通信常用的方法例如HTTP隧道.接着在对IPSec体系进行剖析的基础上,指出了IPSec协议网络兼容性较差,从而提出了新的结合IPSec隧道和HTTP隧道的IPSec over Http协议,并给出了协议实现的结构和流程.为了对协议模型进行验证,文章以FreeSWAN软件为基础,对IPSec over Http协议进行了设计和实现,并提供了性能测试数据作为比较,最后文章对新系统的性能进行了理论分析.
This paper first discusses the classic methods of covering communication to traverse the firewall devices which control the networking communication. And based on the analysis of IPSec protocol architecture, that the limitation of network compatibility of IPSec is got. So the new protocol of IPSec over Http based on IPSec tunnel and Http tunnel is exposed with its structure and procedure. The structure of FreeSWAN is improved and the performance test data are presented in order to validate this new protocol. Finally, the performance of the new system is analysed detailedly.
出处
《小型微型计算机系统》
CSCD
北大核心
2007年第6期1021-1025,共5页
Journal of Chinese Computer Systems
基金
国家科技部创新基金项目[2003(375)])资助.
