libpcap 如何从驱动程序接收数据包? [英] How libpcap receive a packet from the driver?
问题描述
有人可以指点我一个好的起点来学习 libpcap 如何从网络驱动程序获取数据包吗?我的意图是用一个快速的实现来替换接收函数.
接收函数"是:
- 标准驱动程序接收功能,与用于接收数据包并将它们交给常规网络堆栈的功能没有什么不同;
- 常规网络堆栈的数据包套接字"部分.
一些英特尔关于 DPDK 的幻灯片 似乎表明 DPDK 让用户空间代码更直接地与网络适配器对话.这意味着将它与 libpcap 一起使用的正确方法是编写一个使用 DPDK 的 libpcap模块".
Libpcap 有一段时间支持使用多个模块"来捕获流量的能力.这些不是可以在运行时加载的插件模块(这可能有一天会发生,但是,由于 libpcap 可能需要额外的权限才能捕获流量,因此必须支持第三方插件模块非常小心,防止不受信任的代码以这些权限运行!);它们被编译成 libpcap.
libpcap 源代码中的一些模块示例,除了用于各种操作系统的默认"模块之外,还有用于 Myricom NIC 的 pcap-snf.c 和 pcap-dag.c用于 Endace DAG 卡.
如果您想进一步研究,最好订阅 tcpdump-workers 邮件列表 并在那里继续讨论.(它不是一个流量非常高的列表,尽管它的名字如此,但它同时适用于 libpcap 和 tcpdump 的用户和开发人员;作为编写捕获模块的人,您将属于libpcap 的开发人员"类别.)
Can someone please point me to a good starting place to learn how libpcap gets its packets from a network driver? My intend is to replace the receive function with a fast implementation.
The "receive function" is:
- the standard driver receive function, no different from what's used to receive packets and hand them to the regular networking stack;
- the "packet socket" part of the regular networking stack.
Some Intel slides on DPDK seem to indicate that DPDK lets user-space code talk more directly to the network adapter. This means that the right way to use that with libpcap would be to write a libpcap "module" that uses the DPDK.
Libpcap has, for a while, supported the ability to have multiple "modules" to capture traffic. These are not plugin modules that can be loaded at run time (that may happen someday, but, as libpcap might require additional privileges in order to capture traffic, support for third-party plugin modules would have to be done VERY carefully, to prevent untrusted code from running with those privileges!); they're compiled into libpcap.
Some examples of modules in the libpcap source, other than the "default" modules for various OSes, are pcap-snf.c for Myricom NICs and pcap-dag.c for Endace DAG cards.
If you want to pursue this further, it would probably be best if you subscribed to the tcpdump-workers mailing list and continued the discussion there. (It's not a very high-traffic list and, despite its name, it's for both users and developers of both libpcap and tcpdump; you'd fall into the "developers of libpcap" category, as somebody writing a capture module.)
这篇关于libpcap 如何从驱动程序接收数据包?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
