Thesis length: 20107 words, 48 pages. Includes the proposal report and the task statement.
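Abstract
As networks keep growing in scale and becoming more heterogeneous, computer networks are increasingly complex, and there is an urgent need for real-time, online monitoring and management of network traffic. Network traffic monitoring and analysis can yield detailed traffic characteristics, such as traffic volume, protocol distribution, and packet size distribution, which in turn guide network operation and maintenance, management, and planning and design.
One technical difficulty that network traffic monitoring and analysis must solve is how to capture packets on high-speed links. Dedicated hardware is relatively expensive and lacks flexibility; traditional software-based capture methods, constrained by hardware performance and operating system overhead, are suitable only for low-speed links of 100 Mbps and below. Setting aside the inherent processing limits of the hardware system itself (CPU, PCI, memory, cache mechanisms, and so on), this thesis analyzes the limitations of traditional software-based packet capture methods, studies how to control the overhead incurred in their implementation, and then implements a packet capture method for high-speed links based on the Linux kernel. The method is implemented on a general-purpose PC and is suited to gigabit-class high-speed link environments. Experiments show that the kernel-based capture method reduces system calls and memory copies, improves traffic analysis capability, and clearly outperforms libpcap in capture capability.
Keywords: packet capture, libpcap, memory copy, system call, kernel module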
An Efficient Packet Capture Method Based On Linux
Abstract
With the rapid development of network technologies, networks are becoming more and more complicated as their scale expands, new applications emerge, and their heterogeneity deepens. It is necessary to monitor network traffic in real time and manage networks online. Through network traffic measurement, we can obtain the details of the traffic, such as link utilization, the distribution of the different protocols, the distribution of packet sizes, and so on. This guides the maintenance and management of networks and facilitates their design.
There are many challenges in high-speed network traffic monitoring; one of the most important bottlenecks is packet capture. Special-purpose hardware is too expensive and lacks flexibility. Because of hardware capability and operating system overhead limitations, existing software-based network traffic monitoring tools perform well only on low-speed networks with link rates below 100 Mbps. Setting aside the limits of the hardware system itself, such as CPU, PCI, memory, and cache, this thesis analyzes the limitations of traditional packet capture methods. We also analyze the overhead of their implementation and then implement a method that is based on a common PC and the Linux kernel and is suited to GE high-speed networks. The method makes use of the characteristics of kernel modules to reduce the overhead of system calls and the number of memory copies. The experiments show that this kernel-module-based method performs much better than a traffic analysis tool based on libpcap.
Key Words: packet capture, libpcap, memory copy, system call, kernel module
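Contents
1. Introduction
1.1 Research Background
1.2 Research Significance
1.3 Current State of Research
1.4 Structure of This Thesis
2. Overview of Network Traffic Monitoring
2.1 Basic Concepts of Network Traffic
2.1.1 Basic Definition of Network Traffic
2.1.2 Definition of Packet Monitoring
2.1.3 The Concept of Interrupt Livelock
2.2 Principles of Network Sniffing
2.2.1 Principles of Ethernet Sniffing
2.2.2 The Four Operating Modes of a Network Card
2.3 Packet Capture Methods in the Linux Operating System
2.3.1 How Linux Receives Packets
2.3.2 Factors Affecting Traffic Analysis Performance in Linux
3. Analysis of the Kernel-Based Capture Scheme
3.1 Conventional Packet Capture Schemes
3.1.1 Libpcap
3.1.2 Impact of Libpcap's Traditional Capture Mechanism
3.1.3 Shortcomings of the Libpcap Capture Method
3.2 Room for Performance Improvement
3.3 Principles of the Kernel-Based Capture Scheme
3.3.1 Packet Processing in the Linux Kernel
3.3.2 Principles of the Linux-Kernel-Based Capture Scheme
3.4 Performance Analysis of the Kernel-Based Capture Scheme
4. Design and Implementation of the Kernel-Based Capture Scheme
4.1 Design Overview
4.2 Implementation Plan
4.2.1 Implementation Environment
4.2.2 Implementation of the Scheme
4.3 Implementation Results
5. Analysis of Experimental Results
5.1 Experimental Environment
5.1.1 Introduction to libnet
5.1.2 Laboratory Environment Configuration
5.2 Packet Capture Capability Test
5.3 Deep Packet Analysis Capability Test
5.4 Conclusions
6. Summary and Outlook
Acknowledgements
References
Appendix A: Main Source Code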