Cloudflare has published xdpcap, a traffic analyzer built on the XDP subsystem

Cloudflare has introduced the open-source project xdpcap, which develops a network packet analyzer similar to tcpdump but built on top of the XDP (eXpress Data Path) subsystem. The project's code is written in Go and distributed under the BSD license. The project has also prepared a library for attaching eBPF traffic handlers from Go applications.

The xdpcap utility is compatible with tcpdump/libpcap filter expressions and allows much larger volumes of traffic to be analysed on the same hardware. xdpcap can also be used for debugging in environments where ordinary tcpdump does not work, such as filtering, DoS protection and load-balancing systems that rely on the Linux kernel's XDP subsystem, which processes packets before they reach the Linux kernel networking stack (tcpdump does not see packets dropped by an XDP handler).

The high performance comes from the use of the eBPF and XDP subsystems. eBPF is a bytecode interpreter built into the Linux kernel that makes it possible to create highly efficient handlers for incoming and outgoing packets, deciding whether to forward or drop them. Using a JIT compiler, eBPF bytecode is translated on the fly into machine instructions and executed with the performance of native code. The XDP (eXpress Data Path) subsystem complements eBPF with the ability to run BPF programs at the network driver level, with direct access to the DMA packet buffer, at a stage before the network stack has allocated an skbuff.

Like tcpdump, the xdpcap utility first translates the high-level traffic filter rules into the classic BPF (cBPF) representation using the standard libpcap library, and then converts that into eBPF form using the cbpfc compiler, which builds on LLVM/Clang. On output, the captured traffic is stored in the standard pcap format, so dumps prepared with xdpcap can be analysed afterwards in tcpdump and other existing traffic analyzers. For example, to capture DNS traffic, instead of running "tcpdump ip and udp port 53" you can run "xdpcap /path/to/hook capture.pcap 'ip and udp port 53'" and then load the resulting capture.pcap, e.g. with "tcpdump -r" or in Wireshark.
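As an added example (not part of the original article or of the xdpcap project), the following Go program shows what the filter expression quoted above, 'ip and udp port 53', actually matches at the byte level, and writes the matching frames in the classic libpcap format the article mentions so that the result can be loaded with tcpdump -r or Wireshark. The filter semantics are hand-coded rather than produced by libpcap/cbpfc, and the frames are constructed sample input; buildFrame, matchesDNSFilter and writePcap are names chosen here, not xdpcap APIs.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// buildFrame returns a constructed minimal Ethernet/IPv4 frame (checksums left zero)
// whose 4-byte transport header carries the given ports; sample input, not real traffic.
func buildFrame(proto byte, sport, dport uint16) []byte {
	f := make([]byte, 14+20+8)
	binary.BigEndian.PutUint16(f[12:], 0x0800) // EtherType IPv4
	f[14], f[22], f[23] = 0x45, 64, proto      // version 4 + IHL 5, TTL, protocol
	binary.BigEndian.PutUint16(f[16:], 28)     // IPv4 total length
	binary.BigEndian.PutUint16(f[34:], sport)
	binary.BigEndian.PutUint16(f[36:], dport)
	return f
}

// matchesDNSFilter applies the semantics of the libpcap expression 'ip and udp port 53':
// EtherType IPv4, protocol UDP, fragment offset 0 (later fragments carry no ports), port 53.
func matchesDNSFilter(pkt []byte) bool {
	if len(pkt) < 34 || binary.BigEndian.Uint16(pkt[12:]) != 0x0800 || pkt[23] != 17 || binary.BigEndian.Uint16(pkt[20:])&0x1fff != 0 {
		return false
	}
	udp := 14 + int(pkt[14]&0x0f)*4 // skip the variable-length IPv4 header
	return len(pkt) >= udp+4 &&
		(binary.BigEndian.Uint16(pkt[udp:]) == 53 || binary.BigEndian.Uint16(pkt[udp+2:]) == 53)
}

// writePcap keeps the frames that pass the filter and serialises them in the classic libpcap
// format (magic 0xa1b2c3d4, version 2.4, LINKTYPE_ETHERNET) that `tcpdump -r` and Wireshark read.
func writePcap(frames [][]byte) []byte {
	// little-endian file header: magic, major 2, minor 4, thiszone 0, sigfigs 0, snaplen 65535, linktype 1
	out := []byte{0xd4, 0xc3, 0xb2, 0xa1, 2, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, 0, 0, 1, 0, 0, 0}
	for i, f := range frames {
		if !matchesDNSFilter(f) {
			continue
		}
		rec := make([]byte, 16) // record header: ts_sec, ts_usec, incl_len, orig_len
		binary.LittleEndian.PutUint32(rec[0:], uint32(i)) // constructed timestamp
		binary.LittleEndian.PutUint32(rec[8:], uint32(len(f)))
		binary.LittleEndian.PutUint32(rec[12:], uint32(len(f)))
		out = append(append(out, rec...), f...)
	}
	return out
}

func main() { // constructed frames: a DNS query, an HTTPS segment, a DNS response
	frames := [][]byte{buildFrame(17, 54321, 53), buildFrame(6, 44444, 443), buildFrame(17, 53, 40000)}
	fmt.Printf("pcap with the matching frames: %d bytes\n", len(writePcap(frames)))
}
```

Writing the returned bytes to a file and opening it with tcpdump -r shows only the two UDP/53 frames, which is the same view xdpcap gives of traffic an XDP hook saw.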

Source: opennet.ru