摘要
开发标准的用户空间Crypto API接口是Linux内核开发者未来开发目标之一。以IPsec VPN网关代理系统为应用模型,使用动态模块加载机制和系统调用劫持技术,对基于系统调用的用户空间加/解密API的开发流程和设计方法进行研究。通过与基于Netlink用户空间加/解密API进行对比,展示了该API接口的设计灵活性和可定制性。并以应用模型为背景,对该API接口的实际使用性能进行测试。结果表明,使用该API接口,可以提高系统的整体运行效率,也可以提高系统的稳定性。
Development of the unified Crypto API interface for user-space applications is one of future design goals for Linux kernel developers.In this paper,by taking IPsec VPN gateway agent system as the application model,and using Linux system call interception and loadable kernel module technique,we study the development process and designing method of the system call-based user-space cryptographic API.Meanwhile,by comparison with the Netlink-based API,it is found that this API interface is more flexibility in design and can be customised as well.Taking the application model as the background,this API interface is tested its performance of practical use.Result shows that the use of this system call-based API can improve overall system operation performance and the system stability.
出处
《计算机应用与软件》
CSCD
北大核心
2013年第2期184-188,共5页
Computer Applications and Software
基金
山西省自然科学基金项目(20100110252)
