| With the rapid development of Internet, the number of network users and the type of network applications has been grown quickly. To take management and security into consideration, it is necessary to monitor the content of packet through the network. However, the traditional methods to capture network packet can't satisfy the performance of real-time with the rapid growth in network speed. The object of this thesis is to discuss the way to improve the performance of real-time in packet capture system, and then design and implement a high-performance software platform.Firstly, this thesis introduces the BPF (Berkeley Packet Filter) that is widely used in packet capture system based on Linux. And then it analyzes the main factors that affect packet capture performance of BPF in the following aspects: system bus, filtering algorithm, the kernel and application process. In order to satisfy the requirement of gigabit network, we design the software platform that is used at high-performance hardware of packet capture. We adopt the zero-copy, efficient buffer management and interrupt-driven combination of polling technology in this software platform, it can guarantee real-time processing of the kernel data in transmission, storage and searching, and has following advantages: shortening the data flowing path, promoting the sharing of data and reducing overhead of interrupt handling. Those designs of software make sure that the whole system can achieve real-time packet processing and real-time packet capture in gigabit network.By testing this system in a simulative environment of gigabit network, the results have proved that it can be suitable for real-time packet capture with low CPU utilization.Finally, we give some advices of improving software used in a SMP (Symmetric Multiple Processor) system. |
PDF Full Text Request