关键字:数据包捕获,libpcap,内存拷贝,系统调用,内核模块
An Efficient Packet Capture Method Based On Linux
Abstract
With the rapid development of network technologies, networks are becoming more and more complicated as the scale of networks are expanding, new applications are emerging, and the heterogeneity of networks is deepening. It is necessary to monitor networks traffic in real time and manage networks on-line. Through network traffic measurement, we can obtain the details of the traffic, such as link utilization, the distribution of the different protocols, the distribution of packet size, and so on. It will guide the maintenance and management of networks and facilitate the design of networks.
There are many challenges in high-speed network traffic monitoring; one of the most important bottlenecks is packet capturing. But it is too expensive and lack of flexibility to use the special hardware. Because of hardware capability and operating system overhead limitations, the existing network traffic monitoring tools based on software can only perform well at low speed network with the link rate below 100Mbps.Except the limit of hardware system like CPU, PCI, Memory, Cache. This thesis analysis the limit of traditional methods of captured data packet. We also analysis the overhead of its process of Implementation and then Implement a methods which is based on common PC and linux kernel and suit for GE high-speed network. The method which makes use of the characters of kernel module, reduces the overhead of system calls and memory copy times. The experiments show that the method which makes use of the characters of kernel module can enhance the performance much than one traffic analysis tool based on Libpcap.