Based On The Embedded Network Packet Capture Key Technology Research And Implementation

Since the computer network was invented, it has been gradually integrating into every corner of our lives. It brings us convenience of communication ,but also brings a variety of new problems. More and more countries and companys pay attention to the network securityToday, network security is facing a huge challenge. All kinds of security threats, attacks and destruction can be found everywhere. At the same time there are various network security technologies to solve this problem. Most of the technologies need the network data capture technology. Currently, the packet capture technology is relatively mature on PC platform, but it run under the less efficient on embedded platform which have only less storage space and less CPU resources. How to capture the network data packets efficiently on the embedded platform is a problem that we need to solve.This dissertation introduce current available network packet capture technology: BPF, DLPI, SOCK_PACKET and analyze the reason of the low performance of network packet capturing in detail. Then we introduce and analyze the technology: "zero-copy", memory mapping, TCP Offload Engine technology which improve the efficiency of the data packet capture.Research objectives of this dissertation is to provide a complete embedded-based network packet capture program, designed and implemented to the user interface of capture, while according to the hardware features of embedded systems design and implement the high performance network packet capture module on the embedded Linux platform and build a complete embedded-based network packet capture system. The system has three sub-modules:Capture Module: Receive the data packets from NIC and stored it in the kernel buffer which was allocated by the Buffer Management Module.Buffer Management Module: Create and release buffer to storage network data packets in the kernel and filter the packet. Provide the kernel to user space memory mapping and buffer management functions to use the kernel buffer efficiently Application program interface module: Set the filter rules. Reads the network packets from kernel and set other features.Finally, through the function and performance tests on confirmed the embedded platform the feasibility and efficiency of this system.