CN114070900B - DPDK-based packet capture processing method and device - Google Patents
DPDK-based packet capture processing method and device Download PDFInfo
- Publication number
- CN114070900B CN114070900B CN202010732522.6A CN202010732522A CN114070900B CN 114070900 B CN114070900 B CN 114070900B CN 202010732522 A CN202010732522 A CN 202010732522A CN 114070900 B CN114070900 B CN 114070900B
- Authority
- CN
- China
- Prior art keywords
- tcpdump
- packet
- resource
- dpdk
- function
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the invention provides a packet capture processing method and device based on DPDK, which are applied to network equipment for operating a data surface development kit DPDK and a network data acquisition and analysis tool Tcpdump, wherein the Tcpdump operates in a slave process mode of the DPDK, and the method comprises the following steps: capturing a data packet reaching a target port of the DPDK into packet capturing resources through a main process of the DPDK; and acquiring the data packet grabbed by the main process from the packet grabbing resource through the Tcpdump. According to the embodiment of the invention, the data packet can be captured through the DPDK, and the data packet is collected and subsequently analyzed by the Tcpdump, so that the data capturing efficiency and the analysis processing efficiency can be improved and the stability of a network equipment system can be improved on the basis of the stability of the DPDK captured packet.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a packet capture processing method and apparatus based on DPDK.
Background
In a mobile communication network, data acquisition and analysis of network equipment are particularly important links, and the network state of a network equipment port can be reflected in time.
Currently, a Tcpdump tool is generally used to capture, collect and analyze data from a network device. The Tcpdump tool can flexibly filter, decode, analyze and the like collected data, but the Tcpdump tool can only be applied to a common network card running in a kernel mode, needs to capture a data packet in the kernel mode, and then transmits the captured data packet to a user mode for subsequent caching, processing and other operations.
Therefore, capturing the data packet of the network device by using the Tcpdump tool requires switching between the kernel mode and the user mode of the network device many times, which not only affects the efficiency of data capturing, but also affects the stability of the network device system.
Disclosure of Invention
The embodiment of the invention provides a packet capturing processing method and device based on DPDK, which can improve the capturing efficiency and the analysis processing efficiency of data and improve the stability of a network equipment system.
The embodiment of the invention provides a packet capturing processing method based on DPDK, which is applied to network equipment for operating a data surface development kit DPDK and a network data acquisition and analysis tool Tcpdump, wherein the Tcpdump operates in a slave process mode of the DPDK, and the method comprises the following steps:
capturing the data packet reaching the target port of the DPDK into packet capturing resources through the main process of the DPDK;
and acquiring the data packet grabbed by the main process from the packet grabbing resource through the Tcpdump.
The embodiment of the invention provides a packet capture processing device based on DPDK, which is characterized by being applied to network equipment for operating a data surface development kit DPDK and a network data acquisition and analysis tool Tcpdump, wherein the Tcpdump operates in a slave process mode of the DPDK, and the device comprises:
the capturing module is used for capturing the data packet reaching the target port of the DPDK into packet capturing resources through the main process of the DPDK;
and the acquisition module is used for acquiring the data packet grabbed by the main process from the packet grabbing resources through the Tcpdump.
The embodiment of the invention has the following advantages:
according to the embodiment of the invention, the data packet captured by the main process of the DPDK in the user state is obtained through the Tcpdump, and the captured data is collected and subsequently analyzed in the user state, so that a program working flow in the complete user state is constructed, the data capturing efficiency and the analysis processing efficiency can be improved, and the stability of a network equipment system can be improved. In addition, the embodiment of the invention enables the Tcpdump to dynamically capture the network port data taken over by the running DPDK, and the application range of the Tcpdump can be expanded.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the description below are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive labor.
Fig. 1 shows a flowchart of a first embodiment of a packet capture processing method based on DPDK according to the present invention;
FIG. 2 is a schematic diagram illustrating the Tcpdump invoking LibPcap of the present invention;
fig. 3 is a schematic diagram illustrating an overall flow relationship of a packet capturing processing method based on DPDK according to the present invention;
fig. 4 shows a block diagram of an embodiment of a packet capturing processing apparatus based on DPDK according to the present invention;
fig. 5 shows a block diagram of another embodiment of a DPDK-based packet capture processing apparatus according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Method embodiment 1
Referring to fig. 1, a flowchart of a first embodiment of a packet capture processing method based on a DPDK according to the present invention is shown, and is applied to a network device running a data plane development kit DPDK and a network data acquisition and analysis tool Tcpdump, where the Tcpdump runs in a slave process mode of the DPDK, and specifically may include:
and 102, acquiring the data packet grabbed by the main process from the packet grabbing resource through the Tcpdump.
The embodiment of the invention provides a packet capture processing method based on a DPDK (Data Plane Development Kit) framework, which can dynamically capture and collect the Data of a network port taken over by the DPDK, and reasonably inherit the work analysis function of a network Data collection and analysis tool Tcpdump to improve the Data capture efficiency and analysis processing efficiency and expand the use range of the Tcpdump.
The packet capture processing method of the embodiment of the invention can be applied to network equipment operating DPDK and Tcpdump, and the network equipment can be network element equipment in a network. The embodiment of the present invention does not limit the specific form of the network device. For example, the network device may include a base station, an MME (Mobility Management Entity), a gateway, a router, and the like. For convenience of description, the embodiments of the present invention all use the base station as an example for description, and other application scenarios may be referred to each other.
The DPDK adopts a large-page memory, a control layer and a data layer separation, a multi-core programming technology to replace a multithreading technology, a lock-free cache queue, a UIO (user space I/O) technology and other technologies, and can quickly and stably capture a Network data packet in an NIC (Network Interface Card) from a packet capturing port of the DPDK in a user mode based on the DPDK.
The DPDK may support multiple processes, and when the DPDK in the network device is started, the DPDK may be executed by using a start parameter "- -proc-type: the method comprises the steps of designating one process instance as a primary main process and designating the other process instance as a secondary slave process, wherein the main process is used for capturing a data packet reaching a target port and placing the data packet into a packet capturing resource, and the slave process is used for acquiring the data packet from the packet capturing resource so as to be used for subsequent operations such as analysis processing and the like of the data packet.
The Tcpdump is a network data acquisition and analysis tool, and consists of two components, namely a kernel component, runs in a kernel mode and is responsible for capturing data from a network and filtering the data; the other is a user component which runs in a user mode and is responsible for processing a user interface, formatting display and finishing other operations of filtering data, and the user component uses a LibPcap data packet capture function library component to communicate with the kernel component. Generally, in the packet capturing process of Tcpdump, the kernel component stores captured packets into the cache region of Tcpdump, the LibPcap component can take out the packets in the cache region and submit the packets to each application program, and the packet capturing process of Tcpdump inevitably switches between a user mode and a kernel mode, which affects the stability and efficiency of packet capturing.
It should be noted that a DPDK-based package interface is constructed in the LibPcap component, and the LibPcap component includes a PCAP _ supported _ DPDK macro switch, and the present invention can control the main process of the DPDK to scan the port of the DPDK through the PCAP _ supported _ DPDK macro switch, so that the main process of the DPDK can capture a packet arriving at the target port according to the target port parameter set in Tcpdump. Therefore, in the embodiment of the present invention, the data packet can be captured in the user mode through the DPDK, and the captured data is collected and subsequently analyzed in the user mode through the Tcpdump, so that the capture efficiency and the analysis processing efficiency of the data can be improved, the stability of the network device system can be improved, and the application range of the Tcpdump can be expanded.
In the embodiment of the present invention, the characteristics of DPDK and Tcpdump are combined, and Tcpdump is operated in the slave process mode of DPDK in the network device. The Tcpdump of the slave process can control the main process of the DPDK to start packet capturing operation by calling an interface of LibPcap, capture a data packet reaching a target port, and place the captured data packet into (enqueue) packet capturing resources, and then the Tcpdump obtains (dequeue) the data packet from the packet capturing resources, so that the Tcpdump can subsequently analyze and process the captured data packet and the like, and the Tcpdump can inherit the data analysis advantages of the Tcpdump, wherein the data analysis advantages comprise flexible filtering, decoding, data analysis and the like.
Therefore, in the embodiment of the present invention, the data packet arriving at the target port of the DPDK is captured into the packet capturing resource through the main process of the DPDK, and the data packet can be captured in the user mode through the DPDK.
The conventional process of fetching a packet includes: and capturing the data packet in the kernel mode, and transmitting the data packet to the user mode to perform subsequent caching, processing and other operations. The conventional process of capturing the data packet inevitably goes through a switching process between a kernel mode and a user mode, and the switching process affects the efficiency and stability of capturing the data packet. The DPDK is a program operation in a user mode, data is received and transmitted without passing through a kernel of an operating system, a data packet is captured by the program in the user mode, and subsequent caching and processing operations are performed on the data in the user mode, so that the packet capturing efficiency can be improved.
Referring to fig. 2, a schematic diagram of calling LibPcap by Tcpdump in accordance with an embodiment of the present invention is shown. As shown in fig. 2, tcpdump may implement packet fetching by calling LibPcap. The libPcap corresponds to a DPDK packaging interface, so that the realization of Tcpdump can be ensured by modifying a DPDK plug-in function of the libPcap, and the libPcap and the DPDK can be associated without modifying a main process of the DPDK. The design process of the invention can realize dynamic interception and collection of a DPDk connection port, so that Tcpdump can obtain a data packet captured by a main process of the DPDK in a user state, and the captured data is collected and subsequently analyzed in the user state to construct a complete user-state program work flow, thereby improving the capture efficiency and the analysis processing efficiency of the data, and enabling Tcpdump to dynamically capture the network port data of the DPDK connection pipe in operation, and expanding the application range of Tcpdump.
In an optional embodiment of the present invention, before running the Tcpdump, the method may further comprise:
and setting the starting mode of the Tcpdump as the slave process mode of the DPDK in a user mode component LibPcap of the Tcpdump.
The LibPcap is a Tcpdump user state component, and a basic pcap packaging interface based on a DPDK is constructed.
Optionally, in order to eliminate the limitation of dependence on system preinstalled software in the process of using a software program, the embodiment of the present invention implements the code according to static library compilation. Specifically, the DPDK initialization design is modified, and Tcpdump is set to initialize in a Secondary (slave process) manner.
For example, in the user-mode component LibPcap of the Tcpdump, a "ptr _ DPDK _ cfg" parameter is modified, and the "ptr _ DPDK _ cfg" parameter is configured according to a "-c 1-n 4-proc-type = secondary" mode, so as to set the start mode of the Tcpdump as the slave process mode of the DPDK.
In an optional embodiment of the present invention, before the capturing, by the main process of the DPDK, the data packet arriving at the target port of the DPDK into the packet capturing resource in step 101, the method further includes:
s11, configuring parameter information of a target port of a data packet to be acquired through the Tcpdump;
step S12, operating the Tcpdump in the network equipment, and initializing according to a slave process mode when the Tcpdump analyzes the parameter information;
step S13, calling a first function in the LibPcap through Tcpdump running in a process mode to create a packet capturing resource;
step S14, sending a packet capturing start message to the main process through the Tcpdump, wherein the packet capturing start message is used for informing the main process to start a packet capturing operation, and the packet capturing start message carries parameter information of the packet capturing resource and the target port.
The PCAP _ SUPPORT _ DPDK macro switch in the LibPcap can control a DPDK main process to scan a port of the DPDK, and captures a data packet arriving at the target port according to parameter information of the target port set in the Tcpdump. Therefore, the parameter information dpdk of the target port of the data packet to be collected may be configured first through the Tcpdump: { portlet }, which indicates that, for example, the-i parameter configuration parameter information via the Tcpdump is dpdk: {1}, the host process may be controlled to grab the packet arriving on port number 1.
And running the Tcpdump in the network equipment, initializing according to a slave process mode when the Tcpdump analyzes the parameter information, and calling a first function in the LibPcap in the process of running in the slave process mode, such as pcap _ dpdk _ activate, to create a packet capturing resource, wherein the packet capturing resource is used for caching a data packet captured by the main process at a target port.
After a packet capturing resource is created by a Tcpdump of a slave process, a packet capturing starting message is sent to the master process through the Tcpdump, the packet capturing starting message is used for informing the master process to start packet capturing operation, the packet capturing starting message carries parameter information of the packet capturing resource and the target port, and the master process carries out packet capturing operation according to the packet capturing resource and the parameter information of the target port. Specifically, an API (Application Programming Interface) function in the DPDK is called to capture data packets arriving in a receiving direction (RX) and a transmitting direction (TX) of the target port, and the data packets are cached in the packet capture resources. The API function is as follows: a reception direction rte _ eth _ rx _ burst and a transmission direction rte _ eth _ tx _ burst.
Optionally, after acquiring the data packet captured by the host process from the packet capturing resource through the Tcpdump, the method further includes:
and querying the parameter information of the target port corresponding to the acquired data packet and the information of the network equipment through the Tcpdump.
Examples are as follows: and inquiring the acquired parameter information of the target port corresponding to the data packet and the information of the network equipment through the-D parameter of the Tcpdump.
Optionally, in step S14, the first function is configured to notify the host process to register a callback function in the target port, where the callback function is configured to copy a data packet arriving at the target port to the packet capturing resource.
The first function is used for calling a rte _ pdump _ enable function in a DPDK (digital pre-distortion K) to inform the main process of registering a callback function in the target port, and the callback function is used for copying a data packet arriving at the target port to the packet capturing resource.
Optionally, the capturing, by the main process of the DPDK in step 101, the data packet arriving at the target port of the DPDK into a packet capturing resource includes:
and calling the callback function through the main process, executing packet capturing operation in the receiving direction and the sending direction of the target port, and copying the captured data packet to the packet capturing resource.
Optionally, the acquiring, in step 102, the data packet captured by the host process from the host process through the Tcpdump includes:
and calling a second function in the LibPcap through the Tcpdump to acquire the data packet grabbed by the main process from the packet grabbing resource.
And the second function, for example pcap _ dpdk _ dispatch, through which the slave process can obtain the data packet grabbed by the master process from the packet grabbing resource.
In an optional embodiment of the present invention, the step S13 of calling a first function in the LibPcap by Tcpdump running from a process mode to create a packet capture resource includes:
step S21, judging whether the parameter information of the target port of the data packet to be collected is effective or not;
step S22, when the parameter information of the target port is judged to be valid, establishing a memory pool resource name and a lock-free cache queue resource name according to the parameter information of the target port;
step S23, detecting whether the memory pool resource name and the lock-free cache queue resource name exist;
step S24, when it is detected that the memory pool resource name and the lock-free cache queue resource name do not exist, creating a memory pool resource corresponding to the memory pool resource name and a lock-free cache queue resource corresponding to the lock-free cache queue resource name.
For example, the DPDK packet capturing port includes a port No. 1, a port No. 2, a port No. 3, and a port No. 4, and if the parameter information of the target port for configuring the data packet to be acquired in the Tcpdump is DPDK: {5}, if the target port is port No. 5, determining that the parameter information of the target port is invalid, and if the parameter information of the target port for configuring the data packet to be acquired in the Tcpdump is dpdk: {3}, indicating that the target port is port No. 3, and determining that the parameter information of the target port is valid. After the parameter information of the target port is judged to be valid, creating a memory pool resource mempool name and an unlocked cache queue ring resource name according to the valid parameter information of the target port, detecting whether the memory pool resource name and the unlocked cache queue resource name exist in Tcpdump, and creating a memory pool resource (Pdppool) corresponding to the memory pool resource name and an unlocked cache queue resource (PdpumpRing) corresponding to the unlocked cache queue resource name when the memory pool resource name and the unlocked cache queue resource name do not exist. And the memory pool resource and the lock-free cache queue resource are used for caching the data packet captured by the main process.
In an optional embodiment of the present invention, after acquiring, in step 102, the data packet grabbed by the host process from the packet grabbing resource through the Tcpdump, the method may further include:
step S31, calling a third function in the LibPcap through the Tcpdump to judge the blocking type of a data packet acquired from the packet capturing resource through the third function;
step S32, when the third function judges that the blocking type is in a blocking state, a fourth function in the LibPcap is called through the Tcpdump, so that the available number information of the data packets currently acquired from the packet capturing resource is returned to the Tcpdump;
step S33, when the third function judges that the blocking type is in a non-blocking state and judges that the data packets acquired from the packet capturing resource meet the preset conditions, a fourth function in the LibPcap is called through a preset period, and the available number information of the data packets currently acquired from the packet capturing resource is returned to the Tcpdump.
Optionally, the preset condition includes any one of the following: the data packet cached in the packet capturing resource is not empty, the Tcpdump acquires the overtime data packet from the packet capturing resource, and the number of times that the Tcpdump calls the fourth function exceeds the preset number of times.
Calling a third function in the LibPcap through the Tcpdump, such as: and dpdk _ read _ with _ timeout to monitor the process of acquiring the data packet by the Tcpdump through the third function and judge the blocking type of the data packet acquired from the packet capturing resource. The blocking type includes a blocking state and a non-blocking state. Examples of the fourth function include: and rte _ ring _ request _ burst, wherein the available number information of the acquired data packets can be returned to the Tcpdump through the fourth function.
And the DPDK main process grabs the data packets arriving at the receiving direction RX and the sending direction TX of the target port and caches the data packets into the packet capturing resources. Calling a second function in the LibPcap, such as a pcap _ dpdk _ dispatch, through the Tcpdump to acquire a data packet grabbed by the main process from the packet grabbing resource, and calling a third function in the LibPcap, such as: and dpdk _ read _ with _ timeout, monitoring the process of acquiring the data packet from the packet capture resource by the Tcpdump. After the data packet is obtained from the packet capture resource by the Tcpdump, the data packet can be formatted, displayed, filtered and the like.
Optionally, after the data packet captured by the host process is obtained from the packet capture resource through the Tcpdump, the method further includes:
and calling a fifth function in the LibPcap through the Tcpdump, wherein the fifth function is used for quitting the packet grabbing operation of the main process.
Examples of the fifth function include: and the fifth function is called when the Tcpdump is interrupted and quitted or the data packet grabbing is finished, and can control the main process to close the packet grabbing operation and release the packet grabbing resources occupied by the main process.
Fig. 3 is a schematic diagram showing an overall flow relationship of a packet capturing processing method based on DPDK according to an embodiment of the present invention. As shown in fig. 3, the overall process relationship of the present invention is as follows: firstly, starting a packet grabbing function in a main process of a DPDK user mode, wherein the step of starting the packet grabbing function comprises calling rte _ pdump _ init in a library of library _ pdump of the DPDK, and after the packet grabbing function is started, the main process can respond to a request of a slave process and execute packet grabbing operation on a port of the DPDK; secondly, running Tcpdump on the shell (command parser) of the operating system, and determining the parameter information "DPDK of the target port of DPDK through-i parameter in Tcpdump: { portlet } ", the Tcpdump parses the parameter information, calls a DPDK _ pre _ init function in a user mode component LibPcp to set the starting mode of the Tcpdump as a slave process mode of the DPDK, calls a pcap _ DPDK _ activate function to create a packet capture resource, and notifies the DPDk host process of the created packet capture resource through a rte _ pdump _ enable function in a library of the DPDK, the MP-Channel-Thread processing is performed to make the DPDK host process register the function in a target port, when a data packet passes through the target port, the DPDK host process copies the data packet through the callback function and caches the data packet into the packet capture resource, finally, the Tcpdump calls a pcpddk _ DPDK _ dispatch function, sends the data in the tcpdpdump resource to the pcpdump, the Tcpdump is cached into the packet capture resource, the Tcpdump _ pdump function calls the master process to monitor the slave process, and controls the capture of the packet capture resource to be taken out, and the packet capture process is stopped through the master process. And after the Tcpdump exits, the packet capturing function is automatically stopped.
The DPDK corresponds to a library of library _ pdump functions, and the Tcpdump corresponds to a library of a LibPcap data packet capture function, so that the method can be directly operated without pre-installing other function libraries.
To sum up, in the embodiment of the present invention, a data packet that reaches a target port of the DPDK is captured into a packet capture resource by a main process of the DPDK, and the data packet captured by the main process is obtained from the packet capture resource by the Tcpdump, so that the Tcpdump can obtain the data packet captured by the main process of the DPDK in a user mode, and the captured data is collected and subsequently analyzed in the user mode, thereby constructing a program workflow in a complete user mode, which can improve the capture efficiency and the analysis processing efficiency of data, and improve the stability of a network device system. In addition, the embodiment of the invention enables the Tcpdump to dynamically capture the network port data taken over by the running DPDK, and the application range of the Tcpdump can be expanded.
Device embodiment
Referring to fig. 4, a block diagram of an embodiment of a packet capture processing apparatus based on a DPDK according to the present invention is shown, and is applied to a network device running a data plane development kit DPDK and a network data acquisition and analysis tool Tcpdump, where the Tcpdump runs in a slave process mode of the DPDK, and the apparatus may specifically include:
and a capturing module 401, configured to capture, by the main process of the DPDK, a data packet that reaches the target port of the DPDK into a packet capturing resource.
An obtaining module 402, configured to obtain, from the packet capturing resource, the data packet captured by the host process through the Tcpdump.
Optionally, the apparatus further comprises:
and the slave process setting module is used for setting the starting mode of the Tcpdump to be the slave process mode of the DPDK in the user mode component LibPcap of the Tcpdump.
Optionally, the apparatus further comprises:
and the configuration module is used for configuring the parameter information of the target port of the data packet to be acquired through the Tcpdump.
And the initialization module is used for operating the Tcpdump in the network equipment and initializing according to a slave process mode when the Tcpdump analyzes the parameter information.
And the first calling module is used for calling a first function in the LibPcap through Tcpdump operated from a process mode to create a packet capturing resource.
And the sending module is used for sending a packet capturing start message to the main process through the Tcpdump, wherein the packet capturing start message is used for informing the main process to start packet capturing operation, and the packet capturing start message carries the parameter information of the packet capturing resource and the target port.
Optionally, the first function is configured to notify the host process to register a callback function in the target port, and the callback function is configured to copy a data packet arriving at the target port to the packet capture resource.
Optionally, the grabbing module 401 includes:
and the copying submodule is used for calling the callback function through the main process and copying the data packet reaching the target port to the packet capturing resource.
Optionally, the obtaining module 402 includes:
and the calling submodule is used for calling a second function in the LibPcap through the Tcpdump so as to acquire the data packet grabbed by the main process from the packet grabbing resource.
Optionally, the first invoking module includes:
and the judging submodule is used for judging whether the parameter information of the target port of the data packet to be acquired is effective or not.
And the creation name sub-module is used for creating a memory pool resource name and a lock-free cache queue resource name according to the parameter information of the target port when the parameter information of the target port is judged to be valid.
And the detection submodule is used for detecting whether the memory pool resource name and the lock-free cache queue resource name exist or not.
And the resource creating sub-module is used for creating the memory pool resource corresponding to the memory pool resource name and the lock-free cache queue resource corresponding to the lock-free cache queue resource name when detecting that the memory pool resource name and the lock-free cache queue resource name do not exist.
Optionally, the apparatus further comprises:
and the second calling module is used for calling a third function in the LibPcap through the Tcpdump so as to judge the blocking type of the data packet acquired from the packet capturing resource through the third function.
A first available number information returning module, configured to, when the third function determines that the congestion type is the congestion state, call a fourth function in the LibPcap through the Tcpdump, so as to return available number information of the data packets currently acquired from the packet capture resource to the Tcpdump.
And the second available number information returning module is used for calling a fourth function in the LibPcap through a preset period when the third function judges that the congestion type is in a non-congestion state and judges that the data packet acquired from the packet capturing resource meets a preset condition, and returning available number information of the data packet currently acquired from the packet capturing resource to the Tcpdump.
Optionally, the preset condition includes any one of the following: the data packet cached in the packet capturing resource is not empty, the Tcpdump acquires the overtime data packet from the packet capturing resource, and the number of times that the Tcpdump calls the fourth function exceeds the preset number of times.
To sum up, in the embodiment of the present invention, a data packet arriving at a target port of a DPDK is captured into a packet capture resource by a main process of the DPDK, and the data packet captured by the main process is acquired from the packet capture resource by the Tcpdump, so that the Tcpdump can acquire the data packet captured by the main process of the DPDK in a user state, and acquire and subsequently analyze the captured data in the user state, thereby constructing a program workflow in a complete user state, and improving the capture efficiency and the analysis processing efficiency of data, and improving the stability of a network device system. In addition, the embodiment of the invention enables the Tcpdump to dynamically capture the network port data taken over by the running DPDK, and the application range of the Tcpdump can be expanded.
The embodiments in the present specification are all described in a progressive manner, and each embodiment focuses on differences from other embodiments, and portions that are the same and similar between the embodiments may be referred to each other.
With regard to the apparatus in the above embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be described in detail here.
An embodiment of the present invention further provides a packet capture processing apparatus based on DPDK, with reference to fig. 5, including: one or more processors 501, one or more readable storage media 502, and a computer program 5021 stored on the storage media and operable on the processor, the processor when executing the computer program implementing the DPDK-based bale plucking processing method of the foregoing embodiments.
An embodiment of the present invention further provides a readable storage medium, where when a computer program in the storage medium is executed by a processor of a packet capturing processing device based on a DPDK, the packet capturing processing device based on the DPDK can perform each process of the foregoing embodiment of the packet capturing processing method based on the DPDK, and achieve the same technical effect, and in order to avoid repetition, details are not described here again. The readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
As will be appreciated by one of skill in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it should also be noted that, in this document, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrases "comprising one of 8230; \8230;" 8230; "does not exclude the presence of additional like elements in a process, method, article, or terminal device that comprises the element.
The DPDK-based packet capture processing method and apparatus provided by the present invention are described in detail above, and specific examples are applied herein to explain the principle and the implementation of the present invention, and the description of the above embodiments is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.
Claims (14)
1. A packet capturing processing method based on DPDK is characterized by being applied to network equipment which runs a data surface development kit DPDK and a network data acquisition and analysis tool Tcpdump, wherein the Tcpdump runs in a slave process mode of the DPDK, and the method comprises the following steps:
configuring parameter information of a target port of a data packet to be acquired through the Tcpdump;
running the Tcpdump in the network equipment, and initializing according to a slave process mode when the Tcpdump analyzes the parameter information;
calling a first function in LibPcap by Tcpdump running from a process mode to create a packet capturing resource;
sending a packet capturing start message to a main process through the Tcpdump, wherein the packet capturing start message is used for informing the main process to start packet capturing operation, and the packet capturing start message carries parameter information of the packet capturing resource and the target port;
capturing a data packet reaching a target port of the DPDK into packet capturing resources through a main process of the DPDK;
and acquiring the data packet grabbed by the main process from the packet grabbing resource through the Tcpdump.
2. The method of claim 1, wherein prior to running the Tcpdump, the method further comprises:
and setting the starting mode of the Tcpdump as the slave process mode of the DPDK in a user mode component LibPcap of the Tcpdump.
3. The method according to claim 1, wherein said first function is configured to notify said host process to register a callback function on said destination port, said callback function being configured to copy data packets arriving at said destination port to said packet capture resource;
the capturing, by the DPDK host process, a data packet arriving at a target port of the DPDK into a packet capturing resource includes:
calling the callback function through the main process, and copying the data packet reaching the target port to the packet capturing resource;
the acquiring the data packet grabbed by the main process from the main process through the Tcpdump comprises the following steps:
and calling a second function in the LibPcap through the Tcpdump to acquire the data packet grabbed by the main process from the packet grabbing resource.
4. The method of claim 1, wherein the invoking a first function in the LibPcap by Tcpdump running from process mode to create a bale capture resource comprises:
judging whether the parameter information of the target port of the data packet to be acquired is effective or not;
when the parameter information of the target port is judged to be valid, establishing a memory pool resource name and a lock-free cache queue resource name according to the parameter information of the target port;
detecting whether the memory pool resource name and the lock-free cache queue resource name exist or not;
and when detecting that the memory pool resource name and the lock-free cache queue resource name do not exist, creating the memory pool resource corresponding to the memory pool resource name and the lock-free cache queue resource corresponding to the lock-free cache queue resource name.
5. The method of claim 1, wherein after the capturing the packets captured by the host process from the packet capture resource through the Tcpdump, the method further comprises:
calling a third function in LibPcap through the Tcpdump to judge the blocking type of the data packet obtained from the packet capturing resource through the third function;
when the third function judges that the blocking type is in a blocking state, returning available number information of data packets currently acquired from the packet capturing resource to the Tcpdump by calling a fourth function in the LibPcap;
and when the third function judges that the congestion type is in a non-congestion state and judges that the data packets acquired from the packet capturing resource meet preset conditions, calling a fourth function in the LibPcap through a preset period, and returning available number information of the data packets currently acquired from the packet capturing resource to the Tcpdump.
6. The method according to claim 5, wherein the preset condition comprises any one of the following: the data packet cached in the packet capturing resource is not empty, the Tcpdump acquires the overtime data packet from the packet capturing resource, and the number of times that the Tcpdump calls the fourth function exceeds the preset number of times.
7. The utility model provides a packet capture processing apparatus based on DPDK, characterized in that is applied to the network equipment of operation data face development kit DPDK and network data acquisition analysis tool Tcpdump, tcpdump is followed the process mode operation with the DPDK, the device includes:
the configuration module is used for configuring the parameter information of the target port of the data packet to be acquired through the Tcpdump;
the initialization module is used for operating the Tcpdump in the network equipment and initializing according to a slave process mode when the Tcpdump analyzes the parameter information;
the first calling module is used for calling a first function in the LibPcap through Tcpdump operated from a process mode to create a packet capturing resource;
a sending module, configured to send a packet capture start message to a host process through the Tcpdump, where the packet capture start message is used to notify the host process to start a packet capture operation, and the packet capture start message carries parameter information of the packet capture resource and the target port;
the capturing module is used for capturing the data packet reaching the target port of the DPDK into packet capturing resources through the main process of the DPDK;
and the acquisition module is used for acquiring the data packet grabbed by the main process from the packet grabbing resources through the Tcpdump.
8. The apparatus of claim 7, further comprising:
and the slave process setting module is used for setting the starting mode of the Tcpdump to be the slave process mode of the DPDK in the user mode component LibPcap of the Tcpdump.
9. The apparatus according to claim 7, wherein the first function is configured to notify the host process to register a callback function on the destination port, and wherein the callback function is configured to copy data packets arriving at the destination port to the packet capture resource;
the grasping module includes:
the copy submodule is used for calling the callback function through the main process and copying the data packet reaching the target port to the packet capturing resource;
the acquisition module comprises:
and the calling submodule is used for calling a second function in the LibPcap through the Tcpdump so as to acquire the data packet grabbed by the main process from the packet grabbing resource.
10. The apparatus of claim 7, wherein the first calling module comprises:
the judging submodule is used for judging whether the parameter information of the target port of the data packet to be acquired is effective or not;
the creation name sub-module is used for creating a memory pool resource name and a lock-free cache queue resource name according to the parameter information of the target port when the parameter information of the target port is judged to be valid;
the detection submodule is used for detecting whether the memory pool resource name and the lock-free cache queue resource name exist or not;
and the resource creating submodule is used for creating the memory pool resource corresponding to the memory pool resource name and the lock-free cache queue resource corresponding to the lock-free cache queue resource name when detecting that the memory pool resource name and the lock-free cache queue resource name do not exist.
11. The apparatus of claim 7, further comprising:
the second calling module is used for calling a third function in the LibPcap through the Tcpdump so as to judge the blocking type of a data packet acquired from the packet capturing resource through the third function;
a first available number information returning module, configured to, when the third function determines that the congestion type is in a congestion state, call a fourth function in the LibPcap through the Tcpdump, so as to return available number information of a data packet currently acquired from the packet capture resource to the Tcpdump;
and the second available number information returning module is used for calling a fourth function in the LibPcap through a preset period when the third function judges that the blocking type is in a non-blocking state and judges that the data packets acquired from the packet capturing resource meet a preset condition, and returning the available number information of the data packets currently acquired from the packet capturing resource to the Tcpdump.
12. The apparatus of claim 11, wherein the preset condition comprises any one of: the data packet cached in the packet capturing resource is not empty, the Tcpdump acquires the overtime data packet from the packet capturing resource, and the number of times that the Tcpdump calls the fourth function exceeds the preset number of times.
13. A packet capturing processing device based on DPDK is characterized by comprising:
one or more processors; and
one or more readable storage media having stored thereon a computer program that, when executed by the one or more processors, causes the apparatus to perform the DPDK-based packet grabbing processing method according to any one of claims 1 to 6.
14. A computer-readable storage medium storing a computer program for causing a processor to execute the DPDK-based packet capturing method according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010732522.6A CN114070900B (en) | 2020-07-27 | 2020-07-27 | DPDK-based packet capture processing method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010732522.6A CN114070900B (en) | 2020-07-27 | 2020-07-27 | DPDK-based packet capture processing method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114070900A CN114070900A (en) | 2022-02-18 |
| CN114070900B true CN114070900B (en) | 2023-04-07 |
Family
ID=80226578
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010732522.6A Active CN114070900B (en) | 2020-07-27 | 2020-07-27 | DPDK-based packet capture processing method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114070900B (en) |
Family Cites Families (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP4759574B2 (en) * | 2004-12-23 | 2011-08-31 | ソレラ ネットワークス インコーポレイテッド | Method and apparatus for network packet capture distributed storage system |
| CN101488944B (en) * | 2008-01-16 | 2012-07-11 | 上海宝信软件股份有限公司 | System and method for communication between Ethernet device and BSC serial port device |
| CA2882446A1 (en) * | 2014-02-21 | 2015-08-21 | Coho Data, Inc. | Methods, systems and devices for parallel network interface data structures with differential data storage service capabilities |
| US20160094668A1 (en) * | 2014-09-29 | 2016-03-31 | Alcatel-Lucent Usa Inc. | Method and apparatus for distributed customized data plane processing in a data center |
| CN105635045B (en) * | 2014-10-28 | 2019-12-13 | 北京启明星辰信息安全技术有限公司 | Tcpdump packet capture implementation method and device based on drive zero copy mode system |
| CN106161398A (en) * | 2015-04-21 | 2016-11-23 | 北京信威通信技术股份有限公司 | Packet snapping method and device |
| CN106789242B (en) * | 2016-12-22 | 2019-12-31 | 广东华仝九方科技有限公司 | Intelligent identification application analysis method based on mobile phone client software dynamic feature library |
| CN107196870B (en) * | 2017-07-20 | 2021-07-20 | 哈尔滨工业大学 | DPDK-based traffic dynamic load balancing method |
| US11102186B2 (en) * | 2018-04-26 | 2021-08-24 | Vmware, Inc. | Packet capture in software-defined networking (SDN) environments |
| CN109309626B (en) * | 2018-09-10 | 2022-03-25 | 南京知常容信息技术有限公司 | DPDK-based high-speed network data packet capturing, distributing and caching method |
| CN109445944B (en) * | 2018-10-25 | 2021-07-23 | 武汉虹旭信息技术有限责任公司 | DPDK-based network data acquisition and processing system and method thereof |
| CN109669792A (en) * | 2018-12-24 | 2019-04-23 | 网宿科技股份有限公司 | Analyze the method and service server of data message |
| CN110650100A (en) * | 2019-10-16 | 2020-01-03 | 南京中孚信息技术有限公司 | Method and device for capturing network card data packet and electronic equipment |
| CN111147391B (en) * | 2019-12-05 | 2023-04-07 | 深圳市任子行科技开发有限公司 | Data transmission method and system between DPDK user mode and linux kernel network protocol stack |
-
2020
- 2020-07-27 CN CN202010732522.6A patent/CN114070900B/en active Active
Non-Patent Citations (2)
| Title |
|---|
| Jon C.Snader著,刘江林译."tcpdump是如何工作的".《高级TCP/IP编程》.中国电力出版社,2001, * |
| 龚俭等."网络入侵检测".《计算机网络安全导论 第2版》.东南大学出版社,2007, * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114070900A (en) | 2022-02-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11425604B2 (en) | User plane resource management method, user plane network element, and control plane network element | |
| EP2620872B1 (en) | Method and device for callback processing in telecommunication capacity opening | |
| CN110519824B (en) | Method and device for updating terminal routing strategy | |
| US20170223035A1 (en) | Scaling method and management device | |
| CN105848310A (en) | Multi-standby terminal of Android system and method for realizing multi-standby of terminal | |
| JP2022126821A5 (en) | ||
| CN110933075A (en) | Service calling method and device, electronic equipment and storage medium | |
| JP2016511451A (en) | System and method for opening network functions and associated network elements | |
| JP2015523007A (en) | Method and mobile switching center and system for returning to the long term evolution network | |
| CN101635744A (en) | Method and system for transmitting data and relative equipment | |
| CN105814968A (en) | Method for terminating call, application processor and modem | |
| WO2019218478A1 (en) | Response method and device for call service | |
| CN114070900B (en) | DPDK-based packet capture processing method and device | |
| CN106980534B (en) | Service execution method and device based on SDK (software development kit) component | |
| CN104079398B (en) | A kind of data communications method, apparatus and system | |
| CN110337079B (en) | 5G network communication method, terminal, network equipment and server | |
| CN106686542B (en) | Call processing method and device | |
| KR101896560B1 (en) | Method for access terminal to switch monitoring frequency point, and access terminal | |
| CN112888033B (en) | Switching method, device, equipment and storage medium for resident network of mobile terminal | |
| CN112969199B (en) | Data acquisition method and device | |
| CN114258088B (en) | Method, device and system for discovering intermediate session management function device, and storage medium | |
| CN113852522A (en) | Camera binding and unbinding method based on multiple platforms | |
| CN108874515B (en) | Push-to-talk PTT (push-to-talk) establishing method and system | |
| CN107959661B (en) | Information processing method and device | |
| JP2017528091A (en) | Communication link transmission method, apparatus and terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |