Networks have reached deep into all aspects of production and daily life in the 21st century and have brought great benefits and convenience. But problems have arisen with them, especially in network security, which affects not only our lives but also the safety and interests of a company's business. A variety of network security technologies and products have therefore emerged, and these products require a network packet capture system as their underlying support. Although many network packet capture systems have been designed and implemented, they struggle with the huge volume of traffic inside today's enterprises. For instance, they cannot achieve security or minimize the impact on the business. A new packet capture system is therefore needed.

The purpose of this paper is to design a new network packet capture system using DPDK technology. DPDK is a high-speed network packet forwarding library that provides a set of techniques: UIO, a multi-core architecture framework, lock-free queues and huge-page memory. These techniques can be used to capture large volumes of network packets at high speed. The enterprise network packet capture engine designed and implemented in this paper uses the open-source suite that DPDK provides. The engine takes full advantage of these technical strengths and thereby achieves a packet capture engine with higher performance.

DPDK-based network packet capture systems have been applied to audit products in a number of companies today. For example, the audit product that I was involved in developing during my internship is an early use of DPDK in China, so its technological superiority is very valuable.

First, this paper introduces the Linux kernel and its associated packet capture mechanism and the main techniques of DPDK, and analyzes a key factor that affects packet capture efficiency in traditional packet capture programs. Second, it completes the requirements analysis of the enterprise network packet capture engine, based on the functional architecture of the database audit and risk control system. After that, following the requirements analysis, this paper uses the DPDK library to design and implement the engine's memory management module, audit module, KNI module and application program interface module. It then describes in detail how the engine is built on a custom-made embedded platform.

Finally, this paper carries out functional testing and performance testing with the completed engine and draws a conclusion from the analysis of the test results. The engine can capture network packets at the bottom layer and can also send data packets through the application interface. Compared with traditional packet capture programs, the engine captures data packets more efficiently on a gigabit network.