Title: |
Research of High-Performance Packet Capture Mechanism in Linux Environment |
Source: |
Asia-Pacific Youth Conference on Communication Technology (APYCCT 2010 E-BOOK)(Part 1 Cryptography and Information Security)
(pp 33-36)
|
Author(s): |
Ming Lei, Information and Communicatin Engineering Zhejiang University of Technology Hangzhou, China Shuqin Guo, Information and Communicatin Engineering Zhejiang University of Technology Hangzhou, China Fumei Sun, Information and Communicatin Engineering Zhejiang University of Technology Hangzhou, China Wen Liu, Information and Communicatin Engineering Zhejiang University of Technology Hangzhou, China Ming Ge, Information and Communicatin Engineering Zhejiang University of Technology Hangzhou, China Pan Zhuang, Information and Communicatin Engineering Zhejiang University of Technology Hangzhou, China |
Abstract: |
High-speed network packet capture is a prerequisite for the network security applications, such as protocol analysis, network firewall, network intrusion detection, etc. However, with the increasing of bandwidth network, wire-speed packet capture has become the bottleneck for the performance of network security applications. In this paper, the traditional network packet received is the research object. There is a detailed analysis about the impact of the data copy, system interruption on the capture performance, and a high-speed network packet capture platform ZeroC had been designed based on the "zero-copy" idea in Linux. The user space API code is provided to help the application programming facilitate access to the interface of zero copies. Through experiments, it showed high efficiency of packet capture on commercial PC in Gigabit network environment.
|