We have already described the implementation of the Mobile IPv6 general function body in detail. This part covers the rest: the kernel, adaptation layer, and security mechanism functions. The details follow.
◆ Mobile IPv6 kernel feature implementation
The kernel function body is tied directly to the operating system, so the implementation method must be chosen to suit the operating system in use. It intercepts upstream and downstream IP packets, delivers network control messages to the general function body, and forwards the control messages that the general function body sends. It is also the data packet processor: it adds and removes the mobility information in packets (Type 2 routing extension headers, address options), encapsulates and decapsulates IP tunnels, submits the restored ordinary IP packets to the IPv6 protocol stack, and sends out IP packets with the mobility information added.
The kernel feature is closely related to the operating system platform. Its implementation needs to solve two problems:
1) IP packet interception mechanism;
2) communication between kernel-state and user-state programs.
The following describes how to implement the kernel feature on Linux and Windows operating systems:
On Linux, the kernel function body is implemented with two mechanisms: Netfilter and Netlink. The former is the programming interface between the NIC and the network driver, and the latter is the programming interface for communication between user-state and kernel-state programs. Netfilter is used to intercept upstream and downstream IP packets directly between the IPv6 network protocol program and the NIC driver. Inside the Netfilter code, the Netlink communication interface is used to communicate with the general function body.
The implementation of the Windows kernel function body is similar to that on Linux. On the Windows platform, the NDIS (Network Driver Interface Specification) mechanism and the WDM (Win32 Driver Model, the device driver programming model) mechanism provide data communication between the IPv6 protocol layer and the NIC driver, which is used to intercept upstream and downstream IP packets, and between the kernel function body and the general function body. The WDM structure is embedded in the NDIS driver to complete the kernel function. For other operating systems, you need to select an appropriate mechanism based on the actual situation to implement the kernel feature.
Although the kernel function body is written separately for each operating system, the basic functional modules inside it are the same. These modules can be further divided into logic processing modules and non-logic processing modules (kernel structure modules), and the logic processing modules can be written as a function call library. With good encapsulation, these small functional modules can be called from the kernel programs of different operating systems without further modification. The key to writing the kernel function body is to combine these small logic modules sensibly according to the kernel structure of the specific operating system platform, so that together they perform the functions of the kernel function body.
◆ Mobile IPv6 Adaptation Layer implementation
Whether the general function body can keep its source code portable depends mainly on how well the adaptation layer is encapsulated. The adaptation layer provides the general function body with the functions it needs behind unified interfaces. This layer includes the communication interface functions between kernel state and user state, the thread management functions, and the timer functions:
1) The general function body calls the adaptation layer communication interface to listen for and read MH and ICMP packets. Its MH and ICMP replies are passed through the communication interface to the kernel function body, which forwards them to the mobile network. The state data managed by the general function body must also be reported through the communication interface to the data management module of the kernel function body in real time, so that the state data stays synchronized;
2) The general function body calls the thread management functions to manage and control threads. The thread management functions of different systems differ in detail but are similar in function, covering thread creation and shutdown, mutual exclusion, and other basic operations. To keep the general function body code portable, the adaptation layer provides thread management functions with uniform function names and parameter formats, and internally uses precompilation directives to select the specific implementation for each operating system;
3) The general function body needs to maintain mobility-related information at regular intervals. Timer functions with microsecond to millisecond resolution are provided by the operating system. The adaptation layer uses the same precompilation method to encapsulate the operating system's timer functions.
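A sketch of the uniform-name wrapping described in items 2) and 3), added here as an example and not taken from the implementation the article describes. The al_* names and the binding structure are hypothetical; the POSIX and Win32 calls are the real ones.

```c
#define _POSIX_C_SOURCE 200809L   /* exposes clock_gettime on POSIX systems */
#include <stdint.h>
#include <stdio.h>

/* Adaptation layer: the preprocessor picks the OS-specific body, while the
 * names and parameter lists stay identical on every platform. */
#ifdef _WIN32
#include <windows.h>
typedef CRITICAL_SECTION al_mutex_t;
int al_mutex_init(al_mutex_t *m)   { InitializeCriticalSection(m); return 0; }
int al_mutex_lock(al_mutex_t *m)   { EnterCriticalSection(m); return 0; }
int al_mutex_unlock(al_mutex_t *m) { LeaveCriticalSection(m); return 0; }
uint64_t al_now_ms(void)           { return GetTickCount64(); }
#else
#include <pthread.h>
#include <time.h>
typedef pthread_mutex_t al_mutex_t;
int al_mutex_init(al_mutex_t *m)   { return pthread_mutex_init(m, NULL); }
int al_mutex_lock(al_mutex_t *m)   { return pthread_mutex_lock(m); }
int al_mutex_unlock(al_mutex_t *m) { return pthread_mutex_unlock(m); }
uint64_t al_now_ms(void) {         /* monotonic clock in milliseconds */
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000u + (uint64_t)ts.tv_nsec / 1000000u;
}
#endif

/* General function body side: written once, with no OS-specific code.
 * "binding" is a hypothetical piece of mobility state with a lifetime. */
struct binding { al_mutex_t lock; uint64_t expires_ms; };

void binding_refresh(struct binding *b, uint64_t lifetime_ms) {
    al_mutex_lock(&b->lock);
    b->expires_ms = al_now_ms() + lifetime_ms;
    al_mutex_unlock(&b->lock);
}

int binding_expired(struct binding *b) {
    al_mutex_lock(&b->lock);
    int expired = al_now_ms() >= b->expires_ms;
    al_mutex_unlock(&b->lock);
    return expired;
}

int main(void) {
    struct binding b;
    if (al_mutex_init(&b.lock) != 0) return 1;
    binding_refresh(&b, 60000);
    printf("expired right after refresh: %d\n", binding_expired(&b));
    return 0;
}
```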
◆ Mobile IPv6 Security Mechanism implementation
Mobile IPv6 security covers three aspects: security of the HA registration process and the CN registration process; security between MN and CN; and security between HA and MN.
1) According to RFC 3775, the security of the HA registration process and the CN registration process is provided by the RR process, which is implemented in the general function body;
2) Security between MN and CN can be achieved through the general IPsec mechanism. This mechanism is implemented at the network level above Mobile IPv6, and no special processing is performed here. Note that the HoA address of the MH must be configured during IPsec configuration;
3) Security between HA and MN must be ensured. You can choose to implement it in the kernel function body and configure the security policy manually. The IP packet interception interface monitors upstream and downstream packets and identifies the IP packets exchanged with the HA. It then calls the security module, according to the IPsec policy configured between HA and MN, to encapsulate and decapsulate the IP data and ensure secure transmission.
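A sketch of the per-packet decision described in item 3), added here as an example and not taken from the implementation the article describes. The policy layout, function names and 2001:db8:: addresses are constructed for illustration, and it assumes the MN-side hook compares addresses after the kernel function body has restored them; inbound cleartext that the policy says must be protected is dropped rather than delivered.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

#define NH_ESP 50   /* IPv6 next-header value: ESP */
#define NH_MH  135  /* IPv6 next-header value: Mobility Header */

enum direction { OUTBOUND, INBOUND };
enum verdict { PASS, PROTECT, UNPROTECT, DROP };

/* One manually configured HA<->MN entry (hypothetical layout). */
struct ha_policy {
    struct in6_addr ha, mn;  /* home agent and mobile node addresses */
    int protected_nh;        /* next header that must travel inside IPsec */
};

int policy_set(struct ha_policy *p, const char *ha, const char *mn, int nh) {
    p->protected_nh = nh;
    return (inet_pton(AF_INET6, ha, &p->ha) == 1 &&
            inet_pton(AF_INET6, mn, &p->mn) == 1) ? 0 : -1;
}

/* Decide what the interception hook does with one packet on the MN side. */
enum verdict classify(const struct ha_policy *p, enum direction dir,
                      const char *src, const char *dst, int next_hdr) {
    struct in6_addr s, d;
    if (inet_pton(AF_INET6, src, &s) != 1 || inet_pton(AF_INET6, dst, &d) != 1)
        return DROP;                              /* unparsable: fail closed */
    const struct in6_addr *local = dir == OUTBOUND ? &s : &d;
    const struct in6_addr *peer  = dir == OUTBOUND ? &d : &s;
    if (memcmp(local, &p->mn, sizeof s) || memcmp(peer, &p->ha, sizeof s))
        return PASS;                              /* not HA<->MN traffic */
    if (dir == OUTBOUND)
        return next_hdr == p->protected_nh ? PROTECT : PASS;
    if (next_hdr == NH_ESP)
        return UNPROTECT;                         /* decapsulate, then deliver */
    return next_hdr == p->protected_nh ? DROP : PASS; /* cleartext MH: reject */
}

int main(void) {
    struct ha_policy p;
    /* Constructed documentation-range addresses, not from the article. */
    if (policy_set(&p, "2001:db8:1::1", "2001:db8:1::10", NH_MH) != 0) return 1;
    printf("out MH  -> %d\n", classify(&p, OUTBOUND, "2001:db8:1::10", "2001:db8:1::1", NH_MH));
    printf("in  ESP -> %d\n", classify(&p, INBOUND, "2001:db8:1::1", "2001:db8:1::10", NH_ESP));
    printf("in  MH  -> %d\n", classify(&p, INBOUND, "2001:db8:1::1", "2001:db8:1::10", NH_MH));
    return 0;
}
```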