Linux Kernel VPN implementation source code analysis (1)

1. Introduction to VPN in Linux

Generally,
Linux
Lower
VPN
The implemented protocol stack can be divided into application layer and Network Layer
VPN
, Application Layer
VPN
For example
SSL VPN
Well-known open-source implementations include:
Openvpn
And the network layer is usually
IPSec VPN
.
SSL VPN
The text will not be described.
Openvpn
There are many materials, so you can study them on your own.

Actually
Linux2.6
At least three kernel implementations
VPN
.
VPN
They are
Ipip
Protocol,
Ipgre
Protocols and
IPSec
Protocol, the files in the kernel source code are
Ipip. c
,
Ip_gre.c
And
Xfrm
. However
IPSec VPN openswan
There are four types. These four methods can be divided into two types in terms of implementation principle. One is to use a virtual Nic to establish a tunnel, which can be run by inserting the corresponding kernel module,
Linux2.6
Kernel
Ipip
Protocol,
Ipgre
Protocols and
Openswan
Of
IPSec
Protocol, the other is directly implemented in the kernel, that is, the kernel implementation
IPSec VPN
. Therefore, the preceding three implementations are very similar.

For
Linux2.6
Built-in in the kernel
IPSec
(Note:
Linux2.4
The kernel can be supported by patching). This article will not do any analysis, because some predecessors have done a good analysis. For more information, see
Http://blog.chinaunix.net/u/12313/showart_313220.html

Unfortunately, this old guy
Blog
It has not been updated for a long time.
Linux2.6
Built-in in the kernel
IPSec
Open-source tools
IPSec Tool
.

This article will begin step-by-step analysis
Linux2.6.30
Kernel Implementation Based on Virtual Network Card
VPN
First from the simplest
Ipip
The Protocol starts.