Cloudflare has published xdpcap, a traffic analyzer built on the XDP subsystem

Cloudflare has presented the open project xdpcap, which is developing a network packet analyzer similar to tcpdump, built on top of the XDP (eXpress Data Path) subsystem. The project code is written in Go and distributed under the BSD license. The project has also prepared a library for attaching eBPF traffic handlers from Go applications.

The xdpcap utility is compatible with tcpdump/libpcap filter expressions and lets you process significantly larger volumes of traffic on the same hardware. xdpcap can also be used for debugging in environments where regular tcpdump is not applicable, such as filtering, DoS protection, and load-balancing systems that use the Linux kernel XDP subsystem, which processes packets before they are handled by the Linux kernel networking stack (tcpdump does not see packets dropped by the XDP handler).

High performance is achieved through the use of the eBPF and XDP subsystems. eBPF is a bytecode interpreter built into the Linux kernel that lets you create high-performance handlers for incoming/outgoing packets that decide whether to forward or drop them. Using a JIT compiler, eBPF bytecode is translated on the fly into machine instructions and executes with the performance of native code. The XDP (eXpress Data Path) subsystem complements eBPF with the ability to run BPF programs at the network driver level, with support for direct access to the DMA packet buffer and operation at the stage before the skbuff buffer is allocated by the network stack.

Like tcpdump, the xdpcap utility first translates high-level filtering rules into the classic BPF representation (cBPF) using the standard libpcap library, and then converts them into eBPF routines using the cbpfc compiler, which builds on LLVM/Clang work. On output, traffic information is saved in the standard pcap format, which lets you use a traffic dump prepared in xdpcap for later study in tcpdump and other existing traffic analyzers. For example, to capture DNS traffic information, instead of using the command "tcpdump ip and udp port 53", you can run "xdpcap /path/to/hook capture.pcap 'ip and udp port 53'" and then use the capture.pcap file, for example with the command "tcpdump -r" or in Wireshark.
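To make the cBPF stage of that pipeline concrete, the added example below (not code from xdpcap, cbpfc or libpcap) interprets a hand-assembled classic BPF program for the filter 'ip and udp port 53' over constructed Ethernet frames. The instruction listing, the `run` interpreter and the `frame` helper are assumptions written for this illustration; the opcode values are the classic BPF encodings from linux/filter.h.

```python
import struct

# Classic BPF opcodes (values from linux/filter.h) used by this one filter.
LDH, LDB, LDH_IND, LDX_MSH = 0x28, 0x30, 0x48, 0xB1
JEQ, JSET, RET = 0x15, 0x45, 0x06

# Hand-assembled cBPF for "ip and udp port 53" on Ethernet frames (constructed,
# not copied from libpcap output). Tuples are (opcode, jt, jf, k).
DNS_FILTER = [
    (LDH, 0, 0, 12), (JEQ, 0, 10, 0x0800),   # EtherType is IPv4, else drop
    (LDB, 0, 0, 23), (JEQ, 0, 8, 17),        # IP protocol is UDP, else drop
    (LDH, 0, 0, 20), (JSET, 6, 0, 0x1FFF),   # drop non-first fragments
    (LDX_MSH, 0, 0, 14),                     # X = IPv4 header length in bytes
    (LDH_IND, 0, 0, 14), (JEQ, 2, 0, 53),    # source port 53: accept
    (LDH_IND, 0, 0, 16), (JEQ, 0, 1, 53),    # destination port 53: accept
    (RET, 0, 0, 262144), (RET, 0, 0, 0),     # accept (snap length) / drop
]

def run(prog, pkt):
    """Interpret prog over pkt; a load past the end of the packet drops it."""
    a = x = pc = 0
    while pc < len(prog):
        op, jt, jf, k = prog[pc]
        pc += 1                               # jump offsets count from the next insn
        if op == RET:
            return k
        if op in (JEQ, JSET):
            hit = a == k if op == JEQ else bool(a & k)
            pc += jt if hit else jf
            continue
        off = k + x if op == LDH_IND else k
        size = 2 if op in (LDH, LDH_IND) else 1
        if off + size > len(pkt):
            return 0
        val = int.from_bytes(pkt[off:off + size], "big")
        if op == LDX_MSH:
            x = 4 * (val & 0x0F)
        else:
            a = val
    return 0

def frame(proto, sport, dport, frag=0, ihl=5):
    """Build a constructed Ethernet/IPv4 frame with an 8-byte transport stub."""
    eth = bytes(12) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 4 * ihl + 8, 0, frag, 64,
                     proto, 0, bytes(4), bytes(4)) + bytes(4 * (ihl - 5))
    return eth + ip + struct.pack("!HHHH", sport, dport, 8, 0)
```

A non-zero return value is the number of bytes to capture; zero means the packet is not captured.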

Source: opennet.ru
