摘要
随着网络带宽的不断增加,对数据包捕获系统的包转发率有更高的要求。Netfilter框架是从Linux内核2.4开始提出的,可以利用这一框架对数据包进行控制。本文从减少拷贝方面分析了几种实现数据包转发的方法,决定采用Netfilter实现转发。通过测试比较表明,采用Netfilter框架实现数据包转发的速率比采用libpcap库实现数据包转发的速率要快,并且CPU资源占用率降低。但同时也发现Netfilter存在效率上的缺陷,需要在以后的研究中改进,以进一步降低CPU资源占用率,提高内核性能。
As the rapid growth of network bandwidth,packet forwarding speed has become the bottleneck of packet capture system. Netfilter is put forward from Linux Kernel 2.4 and can be used to control packet. In this paper,some methods of packet forwarding are introduced to decrease copy,and Netfilter is used finally. The result of performance evaluation exposes that the speed of packet forwarding using Netfilter is faster than that using libpcap and it decreases the host CPU’s utilization. But at the same time,the in-efficiencies of Netfilter are highlighted. It will be done to decrease CPU’s utilization and improve the performance of kernel in later studies.
出处
《微计算机信息》
北大核心
2008年第36期231-233,共3页
Control & Automation
关键词
网络安全
数据包捕获系统
包转发率
network security
packet capture system
packet forwarding speed
