Cloudflare releases xdpcap, a traffic analyzer built on the XDP subsystem

Cloudflare has introduced the open-source project xdpcap, which develops a tcpdump-like network packet analyzer built on top of the XDP (eXpress Data Path) kernel subsystem. The project's code is written in Go and distributed under the BSD license. The project also provides a library for attaching eBPF traffic handlers from Go applications.

The xdpcap utility is compatible with tcpdump/libpcap filter expressions and can process significantly larger volumes of traffic on the same hardware. xdpcap can also be used for debugging in environments where ordinary tcpdump does not apply, such as filtering, DoS protection and load balancing systems that rely on the Linux kernel's XDP subsystem, which processes packets before they reach the Linux kernel network stack (tcpdump does not see packets dropped by an XDP handler).

The high performance comes from the use of the eBPF and XDP subsystems. eBPF is a bytecode interpreter built into the Linux kernel that lets you create high-performance handlers for incoming/outgoing packets, deciding whether to forward or drop them. With the help of a JIT compiler, eBPF bytecode is translated on the fly into machine instructions and executed at native-code speed. The XDP (eXpress Data Path) subsystem complements eBPF with the ability to run BPF programs at the network driver level, with support for direct access to the packet DMA buffer and for operating at the stage before the network stack allocates the skbuff buffer.

Like tcpdump, the xdpcap utility first translates high-level traffic filter rules into the classic BPF representation (cBPF) using the standard libpcap library, and then converts them into ordinary eBPF programs using the cbpfc compiler, which builds on LLVM/Clang work. On output, traffic data is saved in the standard pcap format, so a traffic dump prepared by xdpcap can be used for further analysis in tcpdump and other traffic analyzers. For example, to capture DNS traffic, instead of the command "tcpdump ip and udp port 53" you can run "xdpcap /path/to/hook capture.pcap 'ip and udp port 53'" and then use the capture.pcap file, for example with the "tcpdump -r" command or in Wireshark.
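To show what the cBPF intermediate stage of that pipeline actually looks like, here is an added example (not code from the article or from Cloudflare's xdpcap): the classic BPF program that libpcap compiles for the filter 'ip and udp port 53' on an Ethernet link, as printed by `tcpdump -d`, run by a small cBPF interpreter over constructed Ethernet/IPv4 frames. The interpreter, the `ipv4_frame` builder and the sample frames are assumptions made for this illustration.

```python
import struct

# cBPF that libpcap compiles for 'ip and udp port 53' on Ethernet (see
# `tcpdump -d`); tuples are (op, k, jt, jf) with absolute jump targets.
DNS_FILTER = [
    ("ldh",  12,     0,  0),    # A = EtherType
    ("jeq",  0x0800, 2,  12),   # IPv4, else drop
    ("ldb",  23,     0,  0),    # A = IP protocol
    ("jeq",  0x11,   4,  12),   # UDP, else drop
    ("ldh",  20,     0,  0),    # A = IP flags + fragment offset
    ("jset", 0x1fff, 12, 6),    # a later fragment has no UDP header: drop
    ("ldxb", 14,     0,  0),    # X = 4 * IHL (IP header length)
    ("ldhx", 14,     0,  0),    # A = UDP source port
    ("jeq",  0x35,   11, 9),
    ("ldhx", 16,     0,  0),    # A = UDP destination port
    ("jeq",  0x35,   11, 12),
    ("ret",  262144, 0,  0),    # accept; value = bytes to capture
    ("ret",  0,      0,  0),    # drop
]

def run_cbpf(prog, pkt):  # minimal cBPF interpreter: accept length, 0 = drop
    a = x = pc = 0
    try:
        while True:
            op, k, jt, jf = prog[pc]
            if op == "ldh":
                a = struct.unpack_from("!H", pkt, k)[0]
            elif op == "ldb":
                a = pkt[k]
            elif op == "ldxb":
                x = 4 * (pkt[k] & 0x0F)
            elif op == "ldhx":
                a = struct.unpack_from("!H", pkt, x + k)[0]
            elif op == "jeq":
                pc = jt if a == k else jf
                continue
            elif op == "jset":
                pc = jt if a & k else jf
                continue
            elif op == "ret":
                return k
            pc += 1
    except (struct.error, IndexError):
        return 0    # a load past the end of the packet rejects it, as in BPF

def ipv4_frame(proto, sport, dport, frag=0):
    # Constructed Ethernet/IPv4 frame with a bare 8-byte L4 header (sample input)
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 28, 0, frag, 64, proto, 0) + bytes(8)
    return eth + ip + struct.pack("!HH", sport, dport) + b"\x00" * 4
```

The same cBPF is what cbpfc then turns into eBPF, so a packet this interpreter drops (a TCP segment to port 53, a non-first fragment, a truncated frame) is one the XDP hook would never write to capture.pcap.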

source: budenet.ru
