Cloudflare releases xdpcap, a traffic analyzer built on the XDP subsystem

Cloudflare has open-sourced xdpcap, a project that develops a tcpdump-like network traffic analyzer built on top of the Linux kernel's XDP (eXpress Data Path) subsystem. The project's code is written in Go and is distributed under the BSD license. The project also ships a library for hooking the analyzer into eBPF traffic handlers from Go applications.

xdpcap accepts the same filter expressions as tcpdump/libpcap and can handle a substantially larger volume of traffic on the same hardware. It is intended for debugging in environments where tcpdump is of no use: filtering, DoS-protection and load-balancing systems built on the Linux kernel's XDP subsystem, which processes packets before they reach the kernel's network stack (so tcpdump never sees a packet that the XDP handler has dropped). The trade-off is that xdpcap only sees traffic passing through an XDP program that has been built with its hook; it does not attach to an arbitrary interface the way tcpdump does.

The high throughput comes from the eBPF and XDP subsystems. eBPF is a bytecode virtual machine built into the Linux kernel; it lets you write high-performance handlers for incoming and outgoing packets that decide whether to forward or drop them. With the JIT compiler, eBPF bytecode is translated on the fly into machine instructions and runs at native-code speed. The XDP (eXpress Data Path) subsystem complements eBPF with the ability to run BPF programs at the network-driver level, with direct access to the DMA packet buffers, at a stage before the network stack has allocated an skbuff for the packet.

Like tcpdump, xdpcap first translates the high-level traffic filter expression into classic BPF (cBPF) using the standard libpcap library, then converts it into an eBPF program with the cbpfc compiler, which builds on LLVM/Clang. The captured traffic is written out in the standard pcap format, so a dump produced by xdpcap can be examined afterwards in tcpdump or any other pcap-aware analyzer. For example, to capture DNS traffic, instead of running "tcpdump ip and udp port 53" you run "xdpcap /path/to/hook capture.pcap 'ip and udp port 53'", where the first argument is the pinned hook map of the XDP program being inspected, and then open the resulting .pcap file with "tcpdump -r capture.pcap" or in Wireshark.
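The first stage of that pipeline, as an added example (this is not xdpcap's code, and the article contains none): what libpcap turns 'ip and udp port 53' into, and a small Go interpreter that runs that cBPF over constructed Ethernet frames. xdpcap compiles the same instructions to eBPF with cbpfc instead of interpreting them. The filter program below is what `tcpdump -dd` prints for that expression on an Ethernet link (jump offsets can differ slightly between libpcap versions); the frames, addresses and ports are constructed test data. It shows why the filter rejects non-first IP fragments (the UDP ports are only present in the first fragment) and that a load beyond the end of the packet rejects it, the same rule the kernel applies.

```go
package main

// Added example, not xdpcap's or the article's code: a user-space interpreter for
// the classic BPF that libpcap emits for 'ip and udp port 53' (xdpcap runs it via cbpfc).

import (
	"encoding/binary"
	"fmt"
)

type Insn struct { // one classic BPF instruction (struct sock_filter layout)
	Code   uint16
	Jt, Jf uint8
	K      uint32
}

// FilterDNS is what `tcpdump -dd 'ip and udp port 53'` prints for Ethernet
// (jump offsets may differ slightly between libpcap versions).
var FilterDNS = []Insn{
	{0x28, 0, 0, 12},     // ldh [12]           A = EtherType
	{0x15, 0, 10, 0x800}, // jeq #0x800         not IPv4 -> reject
	{0x30, 0, 0, 23},     // ldb [23]           A = IP protocol
	{0x15, 0, 8, 17},     // jeq #17            not UDP -> reject
	{0x28, 0, 0, 20},     // ldh [20]           A = flags + fragment offset
	{0x45, 6, 0, 0x1fff}, // jset #0x1fff       non-first fragment -> reject
	{0xb1, 0, 0, 14},     // ldxb 4*([14]&0xf)  X = IP header length
	{0x48, 0, 0, 14},     // ldh [x+14]         A = UDP source port
	{0x15, 2, 0, 53},     // jeq #53            -> accept
	{0x48, 0, 0, 16},     // ldh [x+16]         A = UDP destination port
	{0x15, 0, 1, 53},     // jeq #53            -> accept, else reject
	{0x06, 0, 0, 262144}, // ret #262144        accept: bytes to capture
	{0x06, 0, 0, 0},      // ret #0             reject
}

// Run executes prog over a raw frame and returns how many bytes to capture
// (0 = drop), the contract libpcap and the kernel socket filter share.
func Run(prog []Insn, pkt []byte) uint32 {
	var a, x uint32
	for pc := 0; pc < len(prog); pc++ {
		in := prog[pc]
		switch in.Code {
		case 0x28, 0x30, 0x48, 0xb1: // ldh [k], ldb [k], ldh [x+k], ldxb 4*([k]&0xf)
			off, size := uint64(in.K), uint64(1+(in.Code>>3)&1) // bit 3 set = BPF_H (2 bytes)
			if in.Code == 0x48 {
				off += uint64(x)
			}
			if off+size > uint64(len(pkt)) {
				return 0 // a load past the packet end rejects it, as the kernel does
			}
			v := uint32(pkt[off])<<(8*(size-1)) | uint32(pkt[off+size-1]) // 1 byte, or 2 big-endian
			if in.Code == 0xb1 {
				x = 4 * (v & 0xf)
			} else {
				a = v
			}
		case 0x15, 0x45: // jeq #k, jset #k; jt/jf are relative to pc+1
			if (in.Code == 0x15 && a == in.K) || (in.Code == 0x45 && a&in.K != 0) {
				pc += int(in.Jt)
			} else {
				pc += int(in.Jf)
			}
		case 0x06: // ret #k
			return in.K
		default:
			panic("cbpf: unsupported opcode")
		}
	}
	panic("cbpf: fell off the end of the program")
}

// ethFrame builds a minimal Ethernet/IPv4/UDP frame (constructed test data; checksums stay zero).
func ethFrame(proto byte, frag, sport, dport uint16, payload []byte) []byte {
	f := []byte{2, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 2, 8, 0, // dst MAC, src MAC, EtherType 0x0800
		0x45, 0, 0, 0, 0, 1, 0, 0, 64, proto, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2} // IPv4, no options
	binary.BigEndian.PutUint16(f[16:], uint16(28+len(payload))) // IP total length
	binary.BigEndian.PutUint16(f[20:], frag)                    // flags + fragment offset
	for _, v := range []uint16{sport, dport, uint16(8 + len(payload)), 0} { // UDP header
		f = append(f, byte(v>>8), byte(v))
	}
	return append(f, payload...)
}

// SampleFrames: DNS query, DNS reply, mDNS, a TCP segment, a non-first fragment.
func SampleFrames() [][]byte {
	dns := []byte{0x12, 0x34, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0} // 12-byte DNS header, constructed
	return [][]byte{
		ethFrame(17, 0x4000, 40000, 53, dns),
		ethFrame(17, 0x4000, 53, 40000, dns),
		ethFrame(17, 0x4000, 5353, 5353, dns),
		ethFrame(6, 0x4000, 40000, 80, dns),  // rejected at the protocol byte, ports never read
		ethFrame(17, 0x0001, 40000, 53, dns), // fragment offset 1: the ports are not in this packet
	}
}

func main() {
	for _, f := range SampleFrames() {
		fmt.Println(Run(FilterDNS, f)) // 262144 262144 0 0 0
	}
}
```

Run it with `go run`: the DNS query and reply return 262144 (libpcap's default snaplen, meaning "capture the whole packet") and the mDNS, TCP and fragment frames return 0. The X-register load at offset 14 is what makes the port checks independent of IP options; the fragment check exists because only the first fragment carries the UDP header, so a filter on "port 53" without it would silently miss fragmented DNS responses and let an attacker hide traffic from the capture.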

Source: opennet.ru
