The Research And Implementation Of Packet Capture In High Speed Network

In this paper, Data-Copy, hardware interrupt and Zero-Copy techniques based on packet capture technique are mainly discussed. According to some research on already used packet capture platform and some analysis result of the impact of Data-Copy and hardware interrupt on packet capture, several issues have been taken into account and solved in the design of the platform of packet capture. In the novel packet capture platform, an improved Zero-Copy technique and parallel protocol stack technique are adopted. It breaks some bottlenecks of packet capture technique in the network security and has been proved that it is feasible on the basis of the given test data.The so-called Zero-Copy is a mechanism of which the data transmission on a node in the network has not any data copy in memory. To implement Zero-Copy, the most important method is memory mapping. In this paper, it is a kernel program which can map memory indirectly. It can avoid problems of the memory allocation and the address transition.The second is address translating. A dummy device module (DUM) that is a kernel thread has been adopted in this paper, which can make user and NIC acquire the address that they need. On the other hand, the path of the data to be transmitted in the NIC should be changed also. By improving the driver of the NIC, the data from the NIC can be directly received into the user buffer and the data in the user buffer can also be sent to the NIC directly.At last, the parallel of protocol stack has been taken into account. If there is no improvement on the capability of application layer, the whole performance of packet capture platform should be limited. So data parallel on SMP and multithreading technique have been used.In the novel platform of packet capture, the number of memory copy is decreased. And the mode of hardware interrupt and the parallel of protocol stack have been modified. According to the result of test, the performance in the peak value of the receiving packet and the ability of packet capture is three times of the old platform in given conditions. So, it can satisfy the needs of network security and audit in high speed network.