基于Linux的一种快速数据包捕获方法论文.doc

基于Linux的一种快速数据包捕获方法 摘 要 随着网络规模的不断扩大，网络异构程度不断加深，计算机网络变得日益复杂，迫切需要对网络的流量进行实时、在线的监控和管理。网络流量监测分析可以获得详细的流量特征，如流量大小、协议分布、数据包大小分布等信息，从而指导网络运维、管理与规划设计。 网络流量监测分析必须解决的一个技术难点是如何实现高速链路的数据包捕获。采用专用硬件价格比较昂贵，且缺乏灵活性；传统的基于软件实现的捕包方法由于受到硬件性能和操作系统开销的影响，只适用于百兆及以下速率的低速链路中。除去硬件系统—CPU， PCI， Memory， Cache机制等本身固有的处理能力限制外，本文分析了传统基于软件的数据包捕获方法所存在的局限性，研究如何控制其实现过程中的开销，进而实现了一种基于Linux内核的高速链路数据包捕获方法，该方法在通用PC上实现，适应Gigabits级高速链路环境。实验表明，基于内核的捕包方法降低了系统调用和内存拷贝，提高了流量分析的能力，与libpcap捕包能力相比有明显的提高。 关键字：数据包捕获,libpcap,内存拷贝,系统调用,内核模块 An Efficient Packet Capture Method Based On Linux Abstract With the rapid development of network technologies, networks are becoming more and more complicated as the scale of networks are expanding, new applications are emerging, and the heterogeneity of networks is deepening. It is necessary to monitor networks traffic in real time and manage networks on-line. Through network traffic measurement, we can obtain the details of the traffic, such as link utilization, the distribution of the different protocols, the distribution of packet size, and so on. It will guide the maintenance and management of networks and facilitate the design of networks. There are many challenges in high-speed network traffic monitoring; one of the most important bottlenecks is packet capturing. But it is too expensive and lack of flexibility to use the special hardware. Because of hardware capability and operating system overhead limitations, the existing network traffic monitoring tools based on software can only perform well at low speed network with the link rate below 100Mbps.Except the limit of hardware system like CPU, PCI, Memory, Cache. This thesis analysis the limit of traditional methods of captured data packet. We also analysis the overhead of its process of Implementation and then Implement a methods which is based on common PC and linux kernel and suit for GE high-speed network. The method which makes use of the characters of kernel module, reduces the overhead of system calls and memory cop