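I know that both are IPsec stacks in the Linux kernel, and that KLIPS is older and Netkey is newer, but beyond that I haven't found any other documentation. I would like to know the real technical differences between them. Can anyone tell me the differences or share some documentation sources?
Any help would be greatly appreciated.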
Solution
From the article linked by shdobxr, the most relevant part about the difference between KLIPS and Netkey seems to be the following:
When you apply firewall (iptables) rules, KLIPS is the easier case,
because with KLIPS, you can identify IPsec traffic, as this traffic
goes through ipsecX interfaces. You apply iptables rules to these
interfaces in the same way you apply rules to other network interfaces
(such as eth0).

When using NETKEY, applying firewall (iptables) rules is much more
complex, as the traffic does not flow through ipsecX interfaces; one
solution can be marking the packets in the Linux kernel with iptables
(with a setmark iptables rule). This mark is a member of the kernel
socket buffer structure (struct sk_buff, from the Linux kernel
networking code); decryption of the packet does not modify that mark.
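
The firewall difference described in the quoted passage, as an added example that is not part of the original answer or the linked article: the same policy (a TCP service reachable only through the tunnel) written once for KLIPS and once for NETKEY. The function names, the interface `ipsec0`, the mark value `0x1` and port 22 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Prints iptables commands for review; it does not run them.
# Goal in both cases: a TCP service is reachable only through the tunnel.
# Assumed values (constructed): interface ipsec0, mark 0x1, TCP port 22.

# KLIPS: decrypted traffic arrives on an ipsecX interface, so match on it.
klips_rules() {  # $1 = ipsec interface, $2 = TCP port
    cat <<EOF
iptables -A INPUT -i $1 -p tcp --dport $2 -j ACCEPT
iptables -A INPUT -p tcp --dport $2 -j DROP
EOF
}

# NETKEY: no ipsecX interface. Mark the ESP packet when it arrives; the mark
# lives in the sk_buff, survives decryption, and is matched on the inner packet.
netkey_rules() {  # $1 = mark value, $2 = TCP port
    cat <<EOF
iptables -t mangle -A PREROUTING -p esp -j MARK --set-mark $1
iptables -A INPUT -p esp -j ACCEPT
iptables -A INPUT -m mark --mark $1 -p tcp --dport $2 -j ACCEPT
iptables -A INPUT -p tcp --dport $2 -j DROP
EOF
}

echo "# KLIPS";  klips_rules ipsec0 22
echo "# NETKEY"; netkey_rules 0x1 22
```

When NAT traversal is in use, ESP is carried inside UDP port 4500, so the `-p esp` match alone will not see those packets.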