摘要
系统地介绍了Linux2.4内核对状态检测包过滤技术的支持机制,并且给出了2.4内核中的一种实现方法,即Netfilter+IPconntrack+IPtables体系。同时,就Linux2.4环境中的状态检测包过滤技术无法对某些多连接服务进行状态检测的局限性,提出了一种通过增加协处理模块解决此类问题的方法。
In this paper, the supporting mechanism of Linux 2.4 kernel to state inspection packet filter technology is introduced, and a kind of implementation method under this mechanism is also presented, that is Netfilter+IPconntrack+IPtables architecture. Finally, aiming at the problem that state inspection for some multi-connections services is disable, a method by the addition of cooperative process module is proposed and discussed.
出处
《计算机工程》
EI
CAS
CSCD
北大核心
2005年第2期141-143,共3页
Computer Engineering
基金
国家"863"高技术发展基金资助项目(2002AA414060)
