Cloudflare has published xdpcap, a traffic analyzer based on the XDP subsystem

Cloudflare has introduced the open project xdpcap, which develops a tcpdump-like network packet analyzer built on the XDP (eXpress Data Path) subsystem. The project's code is written in Go and distributed under the BSD license. The project has also prepared a library for attaching eBPF traffic handlers from Go applications.

The xdpcap utility is compatible with tcpdump/libpcap filter expressions and can process larger volumes of traffic on the same hardware. xdpcap can also be used for debugging in environments where ordinary tcpdump is not applicable, such as filtering, DoS protection and load-balancing systems that use the Linux kernel XDP subsystem, which processes packets before they are handled by the Linux kernel networking stack (tcpdump does not see packets dropped by the XDP handler).

The high performance is achieved by using the eBPF and XDP subsystems. eBPF is a bytecode interpreter built into the Linux kernel that makes it possible to create high-performance handlers for incoming and outgoing packets that decide whether to forward or drop them. With the help of a JIT compiler, eBPF bytecode is translated on the fly into machine instructions and runs at the speed of native code. The XDP (eXpress Data Path) subsystem complements eBPF with the ability to run BPF programs at the network driver level, with support for direct access to the DMA packet buffer and operation at the stage before the network stack allocates the skbuff buffer.

Like tcpdump, the xdpcap utility first translates high-level traffic filtering rules into the classic BPF representation (cBPF) using the standard libpcap library, and then converts them into the form of eBPF routines using the cbpfc compiler, which builds on LLVM/Clang work. The traffic information is saved in the standard pcap format, which makes it possible to use a traffic dump prepared in xdpcap for later study in tcpdump and other existing traffic analyzers. For example, to capture DNS traffic, instead of using the command "tcpdump ip and udp port 53", you can run "xdpcap /path/to/hook capture.pcap 'ip and udp port 53'" and then use the capture.pcap file, for example, with the "tcpdump -r" command or in Wireshark.
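To make the classic BPF step concrete, here is an added example (not code from xdpcap, cbpfc or the original article): a cBPF program for the filter 'ip and udp port 53' and a small Go interpreter that runs it over constructed Ethernet frames. The names `insn`, `dnsFilter`, `run` and `frame` are introduced for this example, and the instruction listing is assembled by hand in the style of `tcpdump -d` output rather than produced by libpcap.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// insn is one classic BPF instruction; jt and jf are relative jump offsets.
type insn struct{ op string; jt, jf, k int }

// Hand-assembled cBPF for "ip and udp port 53" on Ethernet (constructed here).
var dnsFilter = []insn{
	{"ldh", 0, 0, 12}, {"jeq", 0, 10, 0x0800}, // EtherType is IPv4
	{"ldb", 0, 0, 23}, {"jeq", 0, 8, 17}, // IP protocol is UDP
	{"ldh", 0, 0, 20}, {"jset", 6, 0, 0x1fff}, // not a later fragment
	{"ldxmsh", 0, 0, 14}, {"ldhx", 0, 0, 14}, {"jeq", 2, 0, 53}, // X = IHL*4; src port
	{"ldhx", 0, 0, 16}, {"jeq", 0, 1, 53}, {"ret", 0, 0, 262144}, // dst port; match
	{"ret", 0, 0, 0}, // no match
}

// run interprets prog over pkt and returns the capture length (0 = no match).
func run(prog []insn, pkt []byte) int {
	a, x := 0, 0
	for pc := 0; pc < len(prog); pc++ {
		in, off := prog[pc], prog[pc].k
		if in.op == "ldhx" {
			off += x
		}
		switch load := in.op[0] == 'l'; {
		case load && off+2 > len(pkt): return 0 // read past end (conservative for ldb)
		case in.op == "ldb": a = int(pkt[off])
		case in.op == "ldxmsh": x = 4 * int(pkt[off]&0x0f)
		case load: a = int(binary.BigEndian.Uint16(pkt[off:]))
		case in.op == "ret": return in.k
		case in.op == "jeq" && a == in.k, in.op == "jset" && a&in.k != 0: pc += in.jt
		default: pc += in.jf
		}
	}
	return 0
}

// frame builds a constructed Ethernet/IPv4 packet with a 20-byte IP header.
func frame(proto byte, sport, dport uint16) []byte {
	p := make([]byte, 42)
	p[12], p[14], p[23] = 0x08, 0x45, proto // EtherType 0x0800, version 4, IHL 5
	binary.BigEndian.PutUint32(p[34:], uint32(sport)<<16|uint32(dport)) // UDP ports
	return p
}

func main() { fmt.Println(run(dnsFilter, frame(17, 40000, 53))) }
```

A non-zero result is the number of bytes to capture; truncated frames, later IP fragments and non-UDP packets all fall through to the final `ret 0`.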

Source: opennet.ru
