摘要
网络审计系统作为保障网络安全的重要工具,通过对网络流量进行采集分析,能够实时监测网络行为。为了便于集成多种网络流量在线分析工具,网络审计系统需将网络流量复制给多个流量分析进程。本文基于共享内存和无锁环形队列实现了一对多的进程间流量复制,多个进程共享DPDK内存池,采集进程为每个分析进程创建一个无锁环形队列用以流量复制。分别使用1024 B和64 B数据包进行吞吐和每秒包数测试,通过实验对比分析,此方法性能明显优于内存拷贝和有锁机制,在加载8个分析进程时,其吞吐性能相较于内存拷贝和有锁机制至少提高了26%,每秒包数性能至少提高了19%。
As an important tool to ensure network security,the network audit system can monitor the network behavior in real time by capturing and analyzing network traffic online.Network traffic should be replicated to multiple traffic analysis processes,with the purpose of facilitating the integration of various network traffic online analysis tools on the network audit system.In this paper,one-to-many inter-process traffic replication is implemented based on shared memory and lock-free circular queues.The DPDK(Intel Data Plane Development Kit)memory pool is shared among multiple processes,and traffic replication is implemented between the acquisition process and the analysis processes through lock-free circular queues.Using 1024 B and 64 B packets respectively to test the performance of throughput and packets per second,the experimental results show that the performance of the method is significantly better than that of memory copy and locked mechanism.The throughput performance of this method is at least 26%higher,and the packet number per second performance is at least 19%higher than that of memory copy and locked mechanism with eight analysis processes.
作者
储苏红
刘磊
CHU Suhong;LIU Lei(National Network New Media Engineering Research Center,Institute of Acoustics,Chinese Academy of Sciences,Beijing,100190,China;University of Chinese Academy of Sciences,Beijing,100049,China)
出处
《网络新媒体技术》
2022年第6期29-34,65,共7页
Network New Media Technology
基金
中国科学院战略性科技先导专项课题:SEANET技术标准化研究与系统研制(编号:XDC02070100)。
