Cloudflare has published xdpcap, a traffic analyzer based on the XDP subsystem

Cloudflare has introduced the open project xdpcap, which develops a network packet analyzer similar to tcpdump, built on the XDP (eXpress Data Path) subsystem. The project code is written in Go and distributed under the BSD license. The project has also prepared a library for attaching eBPF traffic handlers from Go applications.

The xdpcap utility is compatible with tcpdump/libpcap filter expressions and can process significantly larger volumes of traffic on the same hardware. xdpcap can also be used for debugging in environments where regular tcpdump is not applicable, such as filtering, DoS protection, and load balancing systems that use the Linux kernel XDP subsystem, which processes packets before they are handled by the Linux kernel network stack (tcpdump does not see packets dropped by the XDP handler).

High performance is achieved through the use of eBPF and XDP. eBPF is a bytecode interpreter built into the Linux kernel that allows you to create high-performance handlers for incoming/outgoing packets, with decisions about forwarding or dropping them. Using a JIT compiler, eBPF bytecode is translated on the fly into machine instructions and executes with the performance of native code. The XDP (eXpress Data Path) subsystem complements eBPF with the ability to run BPF programs at the network driver level, with support for direct access to the DMA packet buffer and operation at the stage before the network stack allocates the skbuff buffer.

Like tcpdump, the xdpcap utility first translates high-level traffic filtering rules into the classic BPF representation (cBPF) using the standard libpcap library, and then converts them into the form of eBPF routines using the cbpfc compiler, which uses LLVM/Clang developments. On output, traffic information is saved in the standard pcap format, which allows you to use a traffic dump prepared in xdpcap for subsequent study in tcpdump and other existing traffic analyzers. For example, to capture DNS traffic information, instead of using the command "tcpdump ip and udp port 53", you can run "xdpcap /path/to/hook capture.pcap 'ip and udp port 53'" and then use the capture.pcap file, for example with the command "tcpdump -r" or in Wireshark.
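To make the first stage of that pipeline concrete, the following added example (not code from xdpcap, cbpfc or libpcap) interprets a constructed cBPF program for 'ip and udp port 53' over constructed Ethernet frames. The tuple layout, the `ldhx` mnemonic for an X-indexed 16-bit load, and the `run` and `udp_frame` helpers are assumptions of the example.

```python
import struct

# Constructed cBPF for 'ip and udp port 53' on Ethernet: (op, jt, jf, k), with
# absolute jump targets as `tcpdump -d` prints them; "ldhx" means ldh [x + k].
DNS_FILTER = [
    ("ldh",  0,  0, 12),       # 0: A = EtherType
    ("jeq",  2, 12, 0x0800),   # 1: IPv4?
    ("ldb",  0,  0, 23),       # 2: A = IP protocol
    ("jeq",  4, 12, 17),       # 3: UDP?
    ("ldh",  0,  0, 20),       # 4: A = flags + fragment offset
    ("jset", 12, 6, 0x1FFF),   # 5: later fragment carries no UDP header: drop
    ("ldxb", 0,  0, 14),       # 6: X = IPv4 header length in bytes
    ("ldhx", 0,  0, 14),       # 7: A = UDP source port
    ("jeq", 11,  9, 53),       # 8: source port 53?
    ("ldhx", 0,  0, 16),       # 9: A = UDP destination port
    ("jeq", 11, 12, 53),       # 10: destination port 53?
    ("ret",  0,  0, 262144),   # 11: accept, capture up to 262144 bytes
    ("ret",  0,  0, 0),        # 12: drop
]


def run(prog, pkt):
    """Return the capture length for pkt, or 0 when the filter rejects it."""
    a = x = pc = 0
    while pc < len(prog):
        op, jt, jf, k = prog[pc]
        pc += 1
        if op == "ret":
            return k
        if op in ("jeq", "jset"):
            pc = jt if (a == k if op == "jeq" else a & k) else jf
            continue
        off = k + x if op == "ldhx" else k
        width = 2 if op in ("ldh", "ldhx") else 1
        if off + width > len(pkt):
            return 0  # a load outside the packet rejects it, as in the kernel
        val = int.from_bytes(pkt[off:off + width], "big")
        if op == "ldxb":
            x = 4 * (val & 0x0F)
        else:
            a = val
    return 0


def udp_frame(sport, dport, frag_off=0):
    """Build a constructed Ethernet/IPv4/UDP frame (sample input, no payload)."""
    eth = bytes(12) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, frag_off, 64, 17, 0, bytes(4), bytes(4))
    return eth + ip + struct.pack("!HHHH", sport, dport, 8, 0)
```

A non-first fragment or a truncated frame returns 0 here even when the port would match, which is worth remembering when a capture filtered this way appears to be missing packets.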

Source: opennet.ru
