Research On Universal Packet Capture Technology Based On Multi-Core CPU

With the era of high-speed networks, the security issues become more and more important. As the front-end of network monitoring, packet capture technology becomes a research hot. Traditional packet capture technology can not be competent for the task of packet capture, in the current network conditions. Zero-copy technology solves the problem of poor packet capture ability and high system resource consumption, to a large extent. However, the emerged zero-copy-based packet capture platform is subjects to limited upgrading performance, and poor portability. In addition, there is still no packet capture scheme for multi-core processors, unable to fully exert advantage of parallel computing in multi-core condition, with a waste of hardware resources. Therefore, the high performance packet capture scheme running at the multi-core condition, which has universality, become the research priorities of packet capture technology.Combined with the project of "IPv4-IPv6 convergence network chip research and industrialization", this dissertation analyzed of existing packet capture related technology. For the current problems in zero-copy technology, including obsolete key elements of technology, bad portability caused by strong appropriability, and application for multi-core conditions, this dissertation proposed and implemented improvements in zero-copy technology, a universal zero-copy packet capture program, the application solution of zero-copy technology in multi-core environment, and finally designed and implemented the universal packet capture platform based on multi-core CPU. Through the performance test of various packet capture platforms, test results show that the platform proposed in the paper achieves universal in mainstream hardware configuration and software environment, it can take full advantage of multi-core resources to further enhance the zero-copy packet capture platform, and reduce memory occupation and CPU utilization. To sum up, the main work is as follows:1. Improvements of zero-copy technology is proposed and implemented. After Analysis of the opration principle of traditional packet capture technology and the implementation mechanism of zero-copy packet capture platform, four main aspects were modified and improved, according to requirements of fast packet capture. Firstly, DMA mapping required pre-allocating packet buffers for it. In this paper, the method of dynamical allocation in the kernel state was adopted, rather than the traditonal method of static allocation of buffers in the user state, reducing the memory consumption and waste in the original scheme. Secondly, the zero-copy memory mapping techniques no longer relied on the page fault handling mechanism, directly use the function vm_insert_page () to submit the physical page to the user space to reduce the context switching. Thirdly, no longer design their own synchronization mechanism, use the descriptor ring structures, which card supported, so that software programs and hardware devices can achieve data synchronization between user programs and card hardware, according to the scheduled read and write rules. Forthly, abandoned the complex user program polling engine, used NAPI and interrupt control of cards, and designed an interrupt alleviation mechanism, giving an effective solution to the problem of interrupt annihilation.2. A universal zero-copy packet capture scheme was proposed and implemented. Some in Linux kernel and NAPI mechanism, the key process of a network data processing is found. Directly modify the standard kernel and change the traditional data access, zero-copy work is completed in the kernel. In the premise of without modification on the network card driver, the universal zero-copy technology is achieved. The paper designed the universal zero-copy module, and gives a detailed implementation process.3. An application scheme of zero-copy technology for multi-core processors is proposed and implemented. User module and kernel module separately perform the operation of binding to CPU core. Initializated each CPU core, and assigned specific data areas for each of them, and ultimately to schedule and control the CPU core. The NAPI mechanism under structure of SMP was improved, and a switching mechanism of the interruption load distribution was proposed. It alleviated the conflicts between interrupt affinity and task migration of interruption, improved the NAPI efficiency in the condition of multi-core. In the kernel mode, create multi-threaded programs, which were concurrently implemented to complete multi-core CPU memory mapping and data synchronization.4. A universal packets capture platform based on multi-core processors was designed and implemented, and the performance of each packet capture platform was tested through it. The overall structure of the packet capture platform was designed. The platform's interrupt control module, multi-core binding module, the memory mapping module and the synchronization module was described, and the platform workflow was introduced. After that, the test environment was built. Under two different hardware configuration, the proposed approach and implementation platform was tested. The results show that the performance of the packet capture platform can smooth work in two different hardware environment, and approached to the wire-speed processing capacity, the interrupt task load was balanced, CPU usage and memory consumption were both lower than the existing zero-copy platforms. It verified the effectiveness and correctness of theoretical study and the scheme implementation.