Cloudflare releases xdpcap, a traffic analyzer based on the XDP subsystem

Cloudflare has introduced the open-source project xdpcap, which develops a tcpdump-like network packet analyzer built on the XDP (eXpress Data Path) subsystem. The project's code is written in Go and distributed under the BSD license. The project has also prepared a library for attaching eBPF traffic handlers from Go applications.

The xdpcap utility is compatible with the tcpdump/libpcap filter expression syntax and can process significantly larger volumes of traffic on the same hardware. xdpcap can also be used for debugging in environments where regular tcpdump does not work, such as filtering, DoS protection, and load balancing systems that use the Linux kernel's XDP subsystem, which processes packets before they reach the Linux kernel networking stack (tcpdump does not see packets dropped by an XDP handler).

The high performance comes from the eBPF and XDP subsystems. eBPF is a bytecode interpreter built into the Linux kernel that lets you create high-performance handlers for incoming and outgoing packets, which decide whether to forward or drop them. A JIT compiler translates eBPF bytecode on the fly into machine instructions, so it runs with the performance of native code. The XDP (eXpress Data Path) subsystem complements eBPF with the ability to run BPF programs at the network driver level, with direct access to the DMA packet buffer, at a stage before the network stack allocates the skbuff buffer.

Like tcpdump, the xdpcap utility first translates high-level traffic filtering rules into the classic BPF representation (cBPF) using the standard libpcap library, and then converts them into eBPF routines using the cbpfc compiler, which relies on LLVM/Clang. On output, the traffic is saved in the standard pcap format, so dumps produced by xdpcap can be studied later in tcpdump and other existing traffic analyzers. For example, to capture DNS traffic, instead of the command "tcpdump ip and udp port 53" you can run "xdpcap /path/to/hook capture.pcap 'ip and udp port 53'" and then use the capture.pcap file, for example with the "tcpdump -r" command or in Wireshark.
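To make the cBPF stage concrete, here is an added example (not code from xdpcap or Cloudflare) that interprets a hand-written cBPF program for the filter "ip and udp port 53" over constructed Ethernet frames. The names `DNS_FILTER`, `run` and `frame` are hypothetical, and the Python interpreter only illustrates the semantics: xdpcap compiles cBPF to eBPF with cbpfc rather than interpreting it.

```python
import struct

# Hand-written classic BPF (cBPF) for "ip and udp port 53" on Ethernet frames,
# constructed for this example in the shape `tcpdump -d` prints.
# Each entry: (op, jump-if-true, jump-if-false, operand k); jumps are relative.
DNS_FILTER = [
    ("ldh", 0, 0, 12), ("jeq", 0, 10, 0x0800),  # EtherType is IPv4, else no match
    ("ldb", 0, 0, 23), ("jeq", 0, 8, 17),       # IP protocol is UDP
    ("ldh", 0, 0, 20), ("jset", 6, 0, 0x1FFF),  # non-first fragment: no match
    ("ldxb", 0, 0, 14),                         # X = IP header length (4 * IHL)
    ("ldhx", 0, 0, 14), ("jeq", 2, 0, 53),      # UDP source port is 53
    ("ldhx", 0, 0, 16), ("jeq", 0, 1, 53),      # or UDP destination port is 53
    ("ret", 0, 0, 262144), ("ret", 0, 0, 0),    # match (snap length) / no match
]


def run(prog, pkt):
    """Interpret prog over pkt; return the snap length, 0 meaning no match."""
    a = x = pc = 0
    while pc < len(prog):
        op, jt, jf, k = prog[pc]
        pc += 1
        off = k + x if op == "ldhx" else k  # ldhx loads relative to X
        size = 2 if op in ("ldh", "ldhx") else 1
        if op.startswith("ld") and off + size > len(pkt):
            return 0  # load past the end of the packet: no match
        if op in ("ldh", "ldhx"):
            a = struct.unpack_from("!H", pkt, off)[0]
        elif op == "ldb":
            a = pkt[off]
        elif op == "ldxb":
            x = 4 * (pkt[off] & 0x0F)
        elif op == "ret":
            return k
        else:  # jeq / jset
            hit = a == k if op == "jeq" else a & k != 0
            pc += jt if hit else jf
    return 0


def frame(proto, frag, sport, dport, ihl=5):
    """Build a constructed Ethernet + IPv4 + 8-byte L4 header test frame."""
    ip = bytearray(4 * ihl)
    ip[0], ip[9] = 0x40 | ihl, proto
    struct.pack_into("!H", ip, 6, frag)
    l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    return bytes(12) + b"\x08\x00" + bytes(ip) + l4
```

The `ldxb` step is why the filter still finds the ports when the IP header carries options, and the fragment check keeps payload bytes of later fragments from being misread as a UDP header.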

Source: opennet.ru
