Research Of High-Performance Packet Capture Mechanism In Linux Environment

With the popularization of computer applications and the rapid development of network, network traffic and bandwidth in the rapid growth of a variety of network applications on network security requirements are rising. Especially with the application of fiber optic broadband, network bandwidth has been reached even Gigabit level, some of the traditional network packet capture tools (such as Libpcap) has been unable to meet the current network applications in high-speed network packet capture on demand. In order to router, firewall, IDS and other systems to provide a reliable packet capture system, what is high traffic, high load conditions the packet capture technology becomes extremely urgent and necessary.Solution to this problem is currently divided into two kinds. The first is to proceed from the hardware, specifically designed for network packet capture device, the packet capture and processing terminal separated, that while greatly improved the packet capture and processing efficiency, but also brought the high hardware cost. The second mechanism is the use of software through data processing within the operating system to optimize and improve processes to achieve high efficiency and lower packet capture system resource consumption, so that significant cost savings and also has great facilities platform versatility.This paper reference to the relevant international literature and existing research results, base on the research of Linux kernel and related network technology , and analysed the data packets received in the whole process of the operating system bottlenecks, by implementing a high performance packet capture platform to address these bottlenecks, making the network packet capture performance has been greatly improved.Main tasks:1.Analysed the Linux system protocol stack and the internal characteristics of the network packet processing, analysed the traditional packet capture tools-Libpcap2 .Establish the traditional Linux kernel protocol stack packet receiving process performance model, analysed the bottlenecks in the network drive layer and the kernel stack, then introduce the key technologies exist in zero-copy platform. 3.Based on the previous chapters research and analysis, have designed a high-performance zero-copy packet capture platform ZeroC. ZeroC composed of three parts, part of the network card driver module, the other is located in the space of zero-copy kernel modules, the last part is the user interface module, and is compatible with Libpcap interface.4.Test the performance of ZeroC platform and libpcap, analysed the test data.