摘要 |
PURPOSE: An implementation method of an improved Anti-DoS IKE(Internet Key Exchange) protocol engine is provided to input/output packet to which fragmentation is applied by using an IPTABLE command in a network driver. CONSTITUTION: An IKEv2 protocol engine comprising a PLUTO demon is composed of four packet handling functions. The IKEv2 protocol engine processes the packet through four steps. The four packet handling functions includes a read_packet() function, process_packet() function, state_process() function, and message_complete() function. The read_packet() function reads a message in an object IKE socket of a opponent. The process_packet() function parses the read message. |