Cloudflare has released xdpcap, a traffic analyzer built on the XDP subsystem

Cloudflare has open-sourced the xdpcap project, which develops a network packet analyzer similar to tcpdump, built on top of the low-level XDP (eXpress Data Path) mechanism. The project code is written in Go and distributed under the BSD license. The project also includes a library for attaching eBPF traffic handlers from Go applications.

xdpcap is compatible with tcpdump/libpcap filter expressions and can process significantly larger traffic volumes on the same hardware. xdpcap can be used for debugging in situations where regular tcpdump does not work, such as filtering, DoS protection and load balancing systems that use the Linux kernel XDP subsystem, which processes packets before they are examined by the Linux kernel networking stack (tcpdump does not see packets dropped by an XDP handler).

High performance is achieved by using the eBPF and XDP subsystems. eBPF is a bytecode interpreter built into the Linux kernel that allows creating high-performance handlers for incoming/outgoing packets and deciding whether to forward or drop them. Using a JIT compiler, eBPF bytecode is translated on the fly into machine instructions and executed with the performance of native code. XDP (eXpress Data Path) complements eBPF with the ability to run BPF programs at the network driver level, with direct access to the DMA packet buffer and execution at a stage before the skbuff buffer is allocated by the network stack.

Like tcpdump, the xdpcap utility first translates high-level traffic filter rules into the classic BPF (cBPF) representation using the standard libpcap library, and then converts them into eBPF programs using the cbpfc compiler, which builds on LLVM/Clang. The captured traffic is saved in the standard pcap format, so a traffic dump prepared with xdpcap can later be studied in tcpdump and other existing traffic analyzers. For example, to capture DNS traffic, instead of the command "tcpdump ip and udp port 53" you can run "xdpcap /path/to/hook capture.pcap 'ip and udp port 53'" and then use the capture.pcap file, for example with the "tcpdump -r" command or in Wireshark.
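To make the cBPF stage described above concrete, here is an added example (not part of the original article, and not code from the xdpcap, cbpfc or libpcap projects): a minimal classic-BPF interpreter in Go that runs the program libpcap emits for "ip and udp port 53" over constructed Ethernet/IPv4 frames. The instruction listing is transcribed by hand from the familiar `tcpdump -d` output for that expression, with absolute jump targets rewritten as cBPF's relative offsets; the opcode names, `Run`, `mkPacket` and `put16` are this example's own, and the packets are constructed test data. Two details a filter author should notice are that non-first IP fragments carry no UDP header and are rejected by the jset check, and that the IPv4 header length is variable, which is why the port loads go through the X register.

```go
package main

import "fmt"

// Opcode subset of classic BPF, enough for the "ip and udp port 53" program.
const (
	opLdhAbs = iota // A = 16-bit big-endian load at pkt[k]
	opLdbAbs        // A = 8-bit load at pkt[k]
	opLdxMsh        // X = 4 * (pkt[k] & 0x0f), the IPv4 header length in bytes
	opLdhInd        // A = 16-bit big-endian load at pkt[X+k]
	opJeq           // if A == k jump jt else jf (offsets are relative to pc+1)
	opJset          // if A & k != 0 jump jt else jf
	opRet           // return k (0 = reject, >0 = bytes to capture)
)

type insn struct {
	op     int
	k      uint32
	jt, jf uint8
}

// dnsFilter is the classic BPF program libpcap emits for "ip and udp port 53",
// transcribed from `tcpdump -d`; the comments keep its absolute jump targets.
var dnsFilter = []insn{
	{op: opLdhAbs, k: 12},                 // 000: ldh [12]            EtherType
	{op: opJeq, k: 0x0800, jt: 0, jf: 10}, // 001: jeq #0x800  jt 2 jf 12
	{op: opLdbAbs, k: 23},                 // 002: ldb [23]            IP protocol
	{op: opJeq, k: 0x11, jt: 0, jf: 8},    // 003: jeq #0x11   jt 4 jf 12  (UDP)
	{op: opLdhAbs, k: 20},                 // 004: ldh [20]            flags + fragment offset
	{op: opJset, k: 0x1fff, jt: 6, jf: 0}, // 005: jset #0x1fff jt 12 jf 6 (non-first fragment)
	{op: opLdxMsh, k: 14},                 // 006: ldxb 4*([14]&0xf)  X = IP header length
	{op: opLdhInd, k: 14},                 // 007: ldh [x + 14]        UDP source port
	{op: opJeq, k: 53, jt: 2, jf: 0},      // 008: jeq #0x35   jt 11 jf 9
	{op: opLdhInd, k: 16},                 // 009: ldh [x + 16]        UDP destination port
	{op: opJeq, k: 53, jt: 0, jf: 1},      // 010: jeq #0x35   jt 11 jf 12
	{op: opRet, k: 262144},                // 011: ret #262144         accept
	{op: opRet, k: 0},                     // 012: ret #0              reject
}

// Run interprets prog over pkt and returns its ret value (0 = no match); a load
// past the end of the packet rejects it, as the kernel's cBPF interpreter does.
func Run(prog []insn, pkt []byte) uint32 {
	var a, x uint32
	load := func(off, n uint32) (uint32, bool) {
		if uint64(off)+uint64(n) > uint64(len(pkt)) {
			return 0, false
		}
		v := uint32(pkt[off])
		if n == 2 {
			v = v<<8 | uint32(pkt[off+1])
		}
		return v, true
	}
	for pc := 0; pc < len(prog); pc++ {
		in, ok := prog[pc], true
		switch in.op {
		case opLdhAbs:
			a, ok = load(in.k, 2)
		case opLdbAbs:
			a, ok = load(in.k, 1)
		case opLdxMsh:
			x, ok = load(in.k, 1)
			x = 4 * (x & 0x0f)
		case opLdhInd:
			a, ok = load(x+in.k, 2)
		case opJeq, opJset:
			if (in.op == opJeq && a == in.k) || (in.op == opJset && a&in.k != 0) {
				pc += int(in.jt)
			} else {
				pc += int(in.jf)
			}
		case opRet:
			return in.k
		}
		if !ok {
			return 0
		}
	}
	return 0
}

func put16(b []byte, v uint16) { b[0], b[1] = byte(v>>8), byte(v) }
// mkPacket builds a constructed Ethernet/IPv4 frame with the given IP protocol,
// flags+fragment field, IHL (5 = no options) and transport ports; other fields stay zero.
func mkPacket(proto byte, frag uint16, ihl int, sport, dport uint16) []byte {
	ipLen := 4 * ihl
	pkt := make([]byte, 14+ipLen+8)
	put16(pkt[12:], 0x0800)      // EtherType IPv4
	pkt[14] = 0x40 | byte(ihl)   // version 4, IHL
	put16(pkt[20:], frag)        // flags + fragment offset
	pkt[23] = proto              // 17 = UDP, 6 = TCP
	put16(pkt[14+ipLen:], sport) // transport header follows the IP header
	put16(pkt[14+ipLen+2:], dport)
	return pkt
}

func main() {
	fmt.Println(Run(dnsFilter, mkPacket(17, 0, 5, 40000, 53)), // UDP to port 53: 262144
		Run(dnsFilter, mkPacket(17, 0, 6, 53, 40000)), // UDP from port 53 behind IP options: 262144
		Run(dnsFilter, mkPacket(6, 0, 5, 40000, 53)),  // TCP to port 53: 0
		Run(dnsFilter, mkPacket(17, 1, 5, 40000, 53))) // UDP non-first fragment: 0
}
```

The return value 262144 is the snapshot length libpcap compiles into the accept instruction; xdpcap's pipeline takes this same cBPF program and hands it to cbpfc, which emits an eBPF equivalent that the XDP hook can run on the raw DMA buffer.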

Source: opennet.ru
