
Computer Engineering ›› 2009, Vol. 35 ›› Issue (4): 154-156. doi: 10.3969/j.issn.1000-3428.2009.04.054

• Security Technology •

Research and Implementation of IPSec VPN Based on Firewall Hook

ZHANG Ming, CHEN Xing-yuan, DU Xue-hui, QIAN Yan-bin

  1. (Institute of Electronic Technology, PLA Information Engineering University, Zhengzhou 450004)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2009-02-20 Published: 2009-02-20

Abstract: To address the problems that arise when an IPSec VPN system is implemented with the Network Driver Interface Specification (NDIS), this paper presents an IPSec VPN system based on the firewall hook. It studies the firewall-hook packet filtering technology at the Windows network layer and moves IPSec packet encapsulation processing up into the network layer. The system effectively solves the problems caused by the NDIS implementation approach, such as MTU handling, routing, and packet fragmentation and reassembly. It improves processing efficiency and has good application characteristics.

Key words: IPSec VPN system, firewall hook, Network Driver Interface Specification (NDIS)
