The new Linux 2.6 kernel offers many improvements over the 2.4 version. One area of technical advancement is in the kernel networking options. Although there are enhancements in most of the files associated with the networking options, this article focuses on major feature improvements and additions that affect entire sections rather than on specific files.

Specifically, in this article we will address improvements to the Network File System (NFS) and Internet Protocol Security (IPSec). We will also meet two new members of the TCP/IP protocol family, Stream Control Transmission Protocol (SCTP) and Internet Protocol version 6 (IPv6).

Network File System and security

The 2.6 kernel improves the Network File System (NFS) by including version 4. This new version of NFS has better security, allows for more support across different operating systems, and has a reduced server daemon overhead.

The inclusion of version 4 of the Network File System (NFSv4) in the 2.6 kernel allows for improvements in security and functionality not seen in previous versions of NFS. Users of NFS may now conduct secure transactions using a remote procedure call (RPC) implementation of the Generic Security Services (GSS) API. Designers also introduced the idea of a compound procedure, which combines multiple RPCs into one call. This combination of calls means that file system operations need fewer RPCs, leading to faster NFS response.

Reducing NFS overhead even more, the NFSv4 protocol itself now handles file handle-to-path name mapping (the job of mountd) as well as byte-range file locking (the job of lockd), which lessens the number of server-side support daemons required. To ease server-side implementations, NFSv4 includes an additional file handle type and provides classifications of file and file system attributes. This new NFS version also includes support for server migration and replication to enable clients to seamlessly change servers when needed. Finally, NFSv4 allows the server to delegate certain responsibilities to the client in caching situations where this option is desired.

The ability to use cryptographic authentication for NFS RPC requests provides support for end-to-end NFS security. NFSv4 uses the RPCSEC_GSS framework to extend the basic security of RPC. This security framework allows NFSv4 to provide mechanisms for authentication, integrity, and privacy between clients and servers. Clients also have the ability to query servers about their security policies with respect to which mechanisms must be used for access. This in-band security negotiation allows the client to securely match the server's security policy to the mechanism that meets both client and server requirements.
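The server-side policy that clients negotiate against can be checked before it is deployed. The following is an added example, not code from the article: it assumes the `sec=` export option and the `sys`, `krb5`, `krb5i` and `krb5p` flavors documented in exports(5) for current Linux nfs-utils, and reports every export entry whose weakest permitted flavor falls below a chosen minimum. The sample exports, paths and host names are constructed.

```python
# Added example: audit NFS exports for the weakest security flavor each client may use.
STRENGTH = ["sys", "krb5", "krb5i", "krb5p"]  # weakest to strongest
SERVICE = {
    "sys": "no cryptographic security (AUTH_SYS)",
    "krb5": "authentication only",
    "krb5i": "authentication and integrity",
    "krb5p": "authentication, integrity and privacy",
}

# Constructed sample in exports(5) syntax; paths and hosts are made up.
SAMPLE = """\
/srv/home    *.example.com(rw,sec=krb5p)
/srv/build   10.0.0.0/24(rw,sec=krb5i:krb5:sys)   # fallback list
/srv/pub     (ro)
/srv/legacy  oldhost.example.com
"""

def rank(flavor):
    """Position in STRENGTH; unknown flavors rank below everything."""
    return STRENGTH.index(flavor) if flavor in STRENGTH else -1

def audit_exports(text, minimum="krb5i"):
    """Return (path, client, flavors, note) for every export entry whose
    weakest permitted flavor is below `minimum`."""
    findings = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) < 2:
            continue  # blank line, comment, or path without clients
        path, clients = parts
        for token in clients.split():
            client, _, opts = token.partition("(")
            flavors = []
            for opt in opts.rstrip(")").split(","):
                if opt.startswith("sec="):
                    flavors += opt[4:].split(":")
            flavors = flavors or ["sys"]  # exports(5) default when sec= is absent
            weakest = min(flavors, key=rank)
            if rank(weakest) < rank(minimum):
                note = f"allows {weakest}: {SERVICE.get(weakest, 'unknown flavor')}"
                findings.append((path, client or "*", flavors, note))
    return findings

if __name__ == "__main__":
    for path, client, flavors, note in audit_exports(SAMPLE):
        print(f"{path} {client} sec={':'.join(flavors)} -> {note}")
```

An entry that lists `sys` as a fallback is reported even when stronger flavors come first, because a client may still select the weakest flavor the server offers.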

The link for this article located at linuxdevices.com is no longer available.