The company Cloudflare
The xdpcap utility is compatible with tcpdump/libpcap filter expressions and can process significantly larger volumes of traffic on the same hardware. Xdpcap can also be used for debugging in environments where regular tcpdump is not applicable, such as filtering, DoS protection, and load balancing systems that use the Linux kernel XDP subsystem, which processes packets before they are handled by the Linux kernel networking stack (tcpdump does not see packets dropped by the XDP handler).
High performance is achieved through the use of the eBPF and XDP subsystems. eBPF is a bytecode interpreter built into the Linux kernel that lets you create high-performance handlers for incoming and outgoing packets, which decide whether to forward or drop them. Using a JIT compiler, eBPF bytecode is translated on the fly into machine instructions and executed with the performance of native code. The XDP (eXpress Data Path) subsystem complements eBPF with the ability to run BPF programs at the network driver level, with support for direct access to the DMA packet buffer, working at the stage before the network stack allocates the skbuff buffer.
Like tcpdump, the xdpcap utility first translates high-level traffic filtering rules into the classic BPF representation (cBPF) using the standard libpcap library, and then converts them into eBPF form using a compiler.
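To make the intermediate cBPF step concrete, the following added example (not code from xdpcap or Cloudflare) evaluates a classic BPF program for the expression `ip and tcp` against Ethernet frames. The instruction list is hand-assembled for illustration, the interpreter covers only the four opcodes that program needs, and the names `cbpf_run` and `sample_match` are hypothetical; the later conversion to eBPF is not shown.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One cBPF instruction, same layout as the kernel's struct sock_filter. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
enum { LDH_ABS = 0x28, LDB_ABS = 0x30, JEQ_K = 0x15, RET_K = 0x06 };
/* Hand-assembled cBPF for "ip and tcp" (constructed for this example). */
static const struct insn ip_and_tcp[] = {
    { LDH_ABS, 0, 0, 12 },      /* A = EtherType at offset 12          */
    { JEQ_K,   0, 3, 0x0800 },  /* IPv4: fall through, else reject     */
    { LDB_ABS, 0, 0, 23 },      /* A = IPv4 protocol byte at offset 23 */
    { JEQ_K,   0, 1, 6 },       /* TCP: fall through, else reject      */
    { RET_K,   0, 0, 262144 },  /* accept: capture up to this length   */
    { RET_K,   0, 0, 0 },       /* reject                              */
};
/* Returns the number of bytes to capture; 0 means the packet does not match. */
uint32_t cbpf_run(const struct insn *prog, size_t n, const uint8_t *pkt, size_t len)
{
    uint32_t a = 0;                                   /* accumulator */
    for (size_t pc = 0; pc < n; pc++) {
        const struct insn *i = &prog[pc];
        switch (i->code) {
        case LDH_ABS: case LDB_ABS: {
            size_t w = (i->code == LDH_ABS) ? 2 : 1;
            if (len < w || i->k > len - w) return 0;  /* out-of-bounds load rejects */
            a = (w == 2) ? (uint32_t)pkt[i->k] << 8 | pkt[i->k + 1] : pkt[i->k];
            break;
        }
        case JEQ_K: pc += (a == i->k) ? i->jt : i->jf; break; /* relative, forward-only */
        case RET_K: return i->k;
        default:    return 0;                         /* opcode outside this subset */
        }
    }
    return 0;                                         /* ran off the end: reject */
}
/* Runs the filter over the first len (<= 64) bytes of a constructed frame. */
int sample_match(uint16_t ethertype, uint8_t proto, size_t len)
{
    uint8_t f[64] = {0};
    f[12] = ethertype >> 8; f[13] = ethertype & 0xff; f[23] = proto;
    return cbpf_run(ip_and_tcp, sizeof ip_and_tcp / sizeof *ip_and_tcp, f, len) != 0;
}
int main(void)
{
    printf("tcp=%d udp=%d arp=%d truncated=%d\n", sample_match(0x0800, 6, 64),
           sample_match(0x0800, 17, 64), sample_match(0x0806, 6, 64),
           sample_match(0x0800, 6, 20));
    return 0;
}
```

Because cBPF jumps only go forward and every load is bounds-checked, the filter always terminates and a truncated frame is rejected rather than read past its end.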
Source: opennet.ru