Inkampani yeCloudflare
Umsebenzi we-xdpcap uyahambelana ne-tcpdump/libpcap yokucoca iintetho kwaye ikuvumela ukuba uqhubekisele phambili imiqulu emikhulu yetrafikhi kwihardware efanayo. I-Xdpcap ingasetyenziselwa ukulungisa iimpazamo kwiimeko apho i-tcpdump eqhelekileyo ingasebenziyo, njengokucoca, ukhuseleko lwe-DoS, kunye neenkqubo zokulinganisa umthwalo ezisebenzisa i-Linux kernel XDP subsystem, eqhuba iipakethi phambi kokuba ziqwalaselwe yi-Linux kernel networking stack (tcpdump). ayiziboni iipakethi eziwiswe sisiphathi se-XDP).
Ukusebenza okuphezulu kuphunyezwa ngokusetyenziswa kwe-eBPF kunye ne-XDP subsystems. I-eBPF yitoliki ye-bytecode eyakhelwe kwi-Linux kernel ekuvumela ukuba wenze abaphathi bokusebenza okuphezulu kweepakethi ezingenayo / eziphumayo kunye nezigqibo malunga nokuzithumela okanye ukuzilahla. Ukusebenzisa i-JIT compiler, i-bytecode ye-eBPF iguqulelwa kwi-fly kwimiyalelo yomatshini kwaye iqhutywe kunye nokusebenza kwekhowudi yendabuko. I-XDP (i-eXpress Data Path) incedisana ne-eBPF ngokukwazi ukuqhuba iinkqubo ze-BPF kwinqanaba lomqhubi wenethiwekhi, ngenkxaso yokufikelela ngokuthe ngqo kwi-packet buffer ye-DMA nokusebenza kwinqanaba phambi kokuba isithinteli se-skbuff sabiwe sisitaki sothungelwano.
Njenge-tcpdump, into eluncedo ye-xdpcap kuqala iguqulela imithetho yokucoca i-traffic ekumgangatho ophezulu kumelo lwe-BPF yakudala (cBPF) isebenzisa ithala leencwadi eliqhelekileyo le-libpcap, emva koko liyiguqulele kuhlobo lweendlela ze-eBPF usebenzisa umqokeleli.
umthombo: opennet.ru