Realtime Capture of High-Speed Traffic on Multi-Core Platform  (Cited by: 9)


Authors: Ling Ruilin [1]; Li Junfeng [1]; Li Dan [1] (Department of Computer Science and Technology, Tsinghua University, Beijing 100084)

Affiliation: [1] Department of Computer Science and Technology, Tsinghua University, Beijing 100084

Source: Journal of Computer Research and Development (《计算机研究与发展》), 2017, No. 6, pp. 1300-1313 (14 pages)

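Funding: National High Technology Research and Development Program of China ("863" Program) (2015AA01A705; 2015AA016102); National Natural Science Foundation of China, Excellent Young Scientists Fund (61522205)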

Abstract: With the growth of Internet applications and network bandwidth, security issues have become increasingly serious. In addition to traditional spam, virus propagation and DDoS attacks, new and highly covert attack methods have appeared. A network probe is a bypass device deployed at the egress of a local area network that collects and analyzes all traffic entering and leaving the gateway, and its most important module is packet capture. The traditional Linux network protocol stack has many performance bottlenecks when capturing packets and cannot meet the demands of high-speed network environments. This paper introduces several new packet capture engines based on zero-copy and multi-core parallelization techniques, and designs and implements a scalable packet capture system on the Intel DPDK platform, which uses receiver-side scaling (RSS) to achieve multi-core parallel packet capture and a modular upper-layer processing flow. It also discusses which hash function should be used to distribute packets to different receive queues more effectively and fairly. Preliminary experiments show that the system captures packets at close to line rate and balances load across multiple CPU cores.

Keywords: packet capture; receiver-side scaling; multi-core; DPDK platform; hash function

Classification: TP391 [Automation and Computer Technology: Computer Application Technology]

 
