SlideShare uma empresa Scribd logo

Captura de pacotes no KernelSpace

PeslPinguim
PeslPinguim
Tecnologia
1 de 25
Baixar para ler offline
Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Network packet capture in Linux kernelspace An overview of the network stack in the Linux kernel Beraldo Leal beraldo@ime.usp.br http://www.ime.usp.br/~beraldo/ Institute of Mathematics and Statistics - IME University of Sao Paulo - USP 25th October 2011 Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 1 / 25
Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Outline Introduction Network stack Packet ingress flow Methods to capture packets Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 2 / 25
Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Introduction • Sniffers; • Improvements in packet reception; • Linux kernel network subsystem; Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 3 / 25
Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Sniffers • tcpdump, wireshark, snort, etc; • Using the well-known library libpcap; • Not suitable for > 10 Gbps; • Packet loss; Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 4 / 25
Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Improvements in packet reception • Commodity hardware for packet capture; • 3COM • Intel • endace, ... • Many Interruptions • NEW API or NAPI (interruption coalescence) • zero-copy • Direct Memory Access - DMA • mmap() Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 5 / 25
Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Linux kernel network subsystem • Kernel number of files: 36.680 1 2 • net/ number of files: 1.293 ( 3.5% ) • drivers/net/ number of files: 1.935 ( 5.27% ) • Kernel SLOC: 9.723.525 • net/ SLOC: 480.928 ( 5% ) • drivers/net/ SLOC: 1.155.317 ( 12% ) 1 kernel 3.0.0 2 source: wc, find, cat, etc.. Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 6 / 25
Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Network stack L5: Application http, ftp, ssh, telnet, ... (message) L4: Transport tcp, udp, ... (segment) L3: Network ipv4, ipv6, ... (datagram/packet) L1/2: Link / host-to-network ethernet, token ring, ... (frame) Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 8 / 25
Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Important data structs: • net device • include/linux/netdevice.h • sk buff • include/linux/skbuff.h Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 9 / 25
Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Important data structs: • net device (include/linux/netdevice.h) • unsigned int mtu • unsigned int flags • unsigned char dev addr[MAX ADDR LEN] • int promiscuity Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 10 / 25
Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Important data structs: • sk buff (include/linux/skbuff.h) • struct sk buff *next; • struct sk buff *prev; • ktime t tstamp; • struct net device *dev; • unsigned int len; • unsigned int data len; • u16 mac len; • u8 pkt type; • be16 protocol; • sk buff data t transport header; (old h) • sk buff data t network header; (old nh) • sk buff data t mac header; (old mac) Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 11 / 25
Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Important sk buff routines • alloc skb(); • dev alloc skb(); • kfree skb(); • dev kfree skb(); • skb clone(); • skb network header(skb); • skb transport header(skb); • skb mac header(skb); Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 12 / 25
Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Packet ingress flow • When working in interrupt driven model, the nic registers an interrupt handler; • This interrupt handler will be called when a frame is received; • Typically in the handler, we allocate sk buff by calling dev alloc skb(); • Copies data from nic’s buffer to this struct just created; • nic call generic reception routine netif rx(); • netif rx() put frame in per cpu queue; • if queue is full, drop! • net rx action() decision based on skb->protocol; • This function basically dequeues the frame and delivery a copy for every protocol handler; • ptype all and ptype base queues Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 13 / 25
Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Packet ingress flow • ip v4 rcv() will receive the ip datagram (if is a ipv4 packet); • ip checksum, check ip headers, .... • ip rcv finish() makes route decision (ip forward() or ip local delivery()) • ip local delivery() defrag fragmented packets, and call ip local deliver finish() • ip local deliver finish() find protocol handler again; • tcp v4 rcv(), udp rcv(), or other L4 protocol handler • ... Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 14 / 25
ip_local_deliver_finish() <continue> (net/ipv4/ip_input.c) NF_IP_FORWARD find protocol handler or ip_forward() send icmp_dst_unreach Layer 3 (net/ipv4/ip_forward.c) Network handle route alert; ip_local_deliver() send redirect if (net/ipv4/ip_input.c) necessary; NF_IP_LOCAL_IN defrag fragmented decrease TTL; packets verify if frag is possible (mtu) ip_rcv_finish() ip_error() NF_IP_PRE_ROUTING (net/ipv4/ip_input.c) (net/ipv4/route.c) find route and handle routing error, send IP options icmp pkt ip_rcv() packet_rcv() arp_rcv() (net/ipv4/ip_input.c) <tcpdump_process> <...> (handle arp requests verify skb, IP headers <dhcpd process> and replies) and IP checksum <...> net_rx_action() netif_rx() input_queue (net/core/dev.c) (net/core/dev.c) [cpu] decision based on skb->protocol field Layer 1/2 Physical/Link Network Drivers (drivers/net/*)
Application userspace kernelspace Socket Layer (net/core/sock.c) __tcp_v4_lookup() tcp_v4_do_rcv() (net/ipv4/tcp_ipv4.c) generate ICMP (net/ipv4/tcp_ipv4.c) check for socket in error check for socket state LISTEN, with dst_port tcp_v4_rcv() udp_rcv() (net/ipv4/tcp_ipv4.c) (net/ipv4/udp.c) <...> Layer 4 check for tcp headers check for udp headers Transport ip_local_deliver_finish() <continue> (net/ipv4/ip_input.c) NF_IP_FORWARD find protocol handler or ip_forward() send icmp_dst_unreach Layer 3 (net/ipv4/ip_forward.c) Network handle route alert; ip_local_deliver() send redirect if (net/ipv4/ip_input.c) necessary; NF_IP_LOCAL_IN defrag fragmented decrease TTL; packets verify if frag is possible (mtu) ip_rcv_finish() ip_error() NF_IP_PRE_ROUTING (net/ipv4/ip_input.c) (net/ipv4/route.c) find route and handle routing error, send IP options icmp pkt
Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Methods to capture packets • protocol handler • register a function to handler packets with dev add pack() • netfilter hooks • userspace tools; • socket AF PACKET, libpcap, ... Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 17 / 25
Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets 1 struct packet type my proto; 2 3 int my packet rcv(struct sk buff ∗skb, struct net device ∗dev, 4 struct packet type ∗pt, struct net device ∗orig dev) { 5 6 printk(KERN ERR ”+ 1!n”); 7 8 kfree skb(skb); 9 return 0; 10 } 11 12 static int hello init(void) { 13 printk(”<1> Hello world!n”); 14 15 my proto.type = htons(ETH P ALL); 16 my proto.dev = NULL; 17 my proto.func = my packet rcv; 18 19 dev add pack(&my proto); 20 return 0; 21 } 22 23 static void hello exit(void) { 24 dev remove pack(&my proto); 25 printk(”<1> Bye, cruel worldn”); 26 } 27 module init(hello init); 28 module exit(hello exit); Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 18 / 25
Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets 1 int my packet rcv(struct sk buff ∗skb, struct net device ∗dev, struct packet type ∗pt, struct net device ∗orig dev) 2 { 3 switch (skb−>pkt type) { 4 case PACKET HOST: 5 printk(”PACKET HOST − ”); 6 break; 7 case PACKET BROADCAST: 8 printk(”PACKET BROADCAST − ”); 9 break; 10 case PACKET MULTICAST: 11 printk(”PACKET MULTICAST − ”); 12 break; 13 case PACKET OTHERHOST: 14 printk(”PACKET OTHERHOST − ”); 15 break; 16 case PACKET OUTGOING: 17 printk(”PACKET OUTGOING − ”); 18 break; 19 case PACKET LOOPBACK: 20 printk(”PACKET LOOPBACK − ”); 21 break; 22 case PACKET FASTROUTE: 23 printk(”PACKET FASTROUTE − ”); 24 break; 25 } 26 printk(”%s 0x%.4X 0x%.4X n”, skb−>dev−>name, ntohs(skb−>protocol), ip hdr(skb)−>protocol) 27 28 kfree skb(skb); 29 return 0; 30 } Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 19 / 25
Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Netfilter hooks • iptables = userspace; • netfilter = kernelspace; • Netfilter is merely a series of hooks in various points in a protocol stack; • packet filtering, network address [and port] translation (NA[P]T) and other packet mangling; • www.netfilter.org Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 20 / 25
Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets References • br.kernelnewbies.org/node/150 has many links Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 23 / 25
Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Thankyou! Question? Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 24 / 25
Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Network packet capture in Linux kernelspace An overview of the network stack in the Linux kernel Beraldo Leal beraldo@ime.usp.br http://www.ime.usp.br/~beraldo/ Institute of Mathematics and Statistics - IME University of Sao Paulo - USP 25th October 2011 Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 25 / 25

Recomendados

Kernel Recipes 2013 - Nftables, what motivations and what solutions
Kernel Recipes 2013 - Nftables, what motivations and what solutionsKernel Recipes 2013 - Nftables, what motivations and what solutions
Kernel Recipes 2013 - Nftables, what motivations and what solutionsAnne Nicolas
 
Kernel Recipes 2014 - What’s new in nftables?
Kernel Recipes 2014 - What’s new in nftables?Kernel Recipes 2014 - What’s new in nftables?
Kernel Recipes 2014 - What’s new in nftables?Anne Nicolas
 
Memory, IPC and L4Re
Memory, IPC and L4ReMemory, IPC and L4Re
Memory, IPC and L4ReVasily Sartakov
 
Advanced Components on Top of L4Re
Advanced Components on Top of L4ReAdvanced Components on Top of L4Re
Advanced Components on Top of L4ReVasily Sartakov
 
Spring sim 2010-riley
Spring sim 2010-rileySpring sim 2010-riley
Spring sim 2010-rileySopna Sumāto
 
Event Graphs - EUSecWest 2006
Event Graphs - EUSecWest 2006Event Graphs - EUSecWest 2006
Event Graphs - EUSecWest 2006Raffael Marty
 
Kernel Recipes 2017 - EBPF and XDP - Eric Leblond
Kernel Recipes 2017 - EBPF and XDP - Eric LeblondKernel Recipes 2017 - EBPF and XDP - Eric Leblond
Kernel Recipes 2017 - EBPF and XDP - Eric LeblondAnne Nicolas
 
Network Programming: Data Plane Development Kit (DPDK)
Network Programming: Data Plane Development Kit (DPDK)Network Programming: Data Plane Development Kit (DPDK)
Network Programming: Data Plane Development Kit (DPDK)Andriy Berestovskyy
 

Recomendados

Kernel Recipes 2013 - Nftables, what motivations and what solutions
Kernel Recipes 2013 - Nftables, what motivations and what solutionsKernel Recipes 2013 - Nftables, what motivations and what solutions
Kernel Recipes 2013 - Nftables, what motivations and what solutionsAnne Nicolas
 
Kernel Recipes 2014 - What’s new in nftables?
Kernel Recipes 2014 - What’s new in nftables?Kernel Recipes 2014 - What’s new in nftables?
Kernel Recipes 2014 - What’s new in nftables?Anne Nicolas
 
Memory, IPC and L4Re
Memory, IPC and L4ReMemory, IPC and L4Re
Memory, IPC and L4ReVasily Sartakov
 
Advanced Components on Top of L4Re
Advanced Components on Top of L4ReAdvanced Components on Top of L4Re
Advanced Components on Top of L4ReVasily Sartakov
 
Spring sim 2010-riley
Spring sim 2010-rileySpring sim 2010-riley
Spring sim 2010-rileySopna Sumāto
 
Event Graphs - EUSecWest 2006
Event Graphs - EUSecWest 2006Event Graphs - EUSecWest 2006
Event Graphs - EUSecWest 2006Raffael Marty
 
Kernel Recipes 2017 - EBPF and XDP - Eric Leblond
Kernel Recipes 2017 - EBPF and XDP - Eric LeblondKernel Recipes 2017 - EBPF and XDP - Eric Leblond
Kernel Recipes 2017 - EBPF and XDP - Eric LeblondAnne Nicolas
 
Network Programming: Data Plane Development Kit (DPDK)
Network Programming: Data Plane Development Kit (DPDK)Network Programming: Data Plane Development Kit (DPDK)
Network Programming: Data Plane Development Kit (DPDK)Andriy Berestovskyy
 
P4 for Custom Identification, Flow Tagging, Monitoring and Control
P4 for Custom Identification, Flow Tagging, Monitoring and ControlP4 for Custom Identification, Flow Tagging, Monitoring and Control
P4 for Custom Identification, Flow Tagging, Monitoring and ControlOpen-NFP
 
DevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking WalkthroughDevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking WalkthroughThomas Graf
 
Linux Kernel Cryptographic API and Use Cases
Linux Kernel Cryptographic API and Use CasesLinux Kernel Cryptographic API and Use Cases
Linux Kernel Cryptographic API and Use CasesKernel TLV
 
Kernel Recipes 2014 - NDIV: a low overhead network traffic diverter
Kernel Recipes 2014 - NDIV: a low overhead network traffic diverterKernel Recipes 2014 - NDIV: a low overhead network traffic diverter
Kernel Recipes 2014 - NDIV: a low overhead network traffic diverterAnne Nicolas
 
Sockets and Socket-Buffer
Sockets and Socket-BufferSockets and Socket-Buffer
Sockets and Socket-BufferSourav Punoriyar
 
Netfilter’s connection tracking system
Netfilter’s connection tracking systemNetfilter’s connection tracking system
Netfilter’s connection tracking systemhoneyEPI
 
Stacks and Layers: Integrating P4, C, OVS and OpenStack
Stacks and Layers: Integrating P4, C, OVS and OpenStackStacks and Layers: Integrating P4, C, OVS and OpenStack
Stacks and Layers: Integrating P4, C, OVS and OpenStackOpen-NFP
 
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemBPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemThomas Graf
 
Data Plane and VNF Acceleration Mini Summit
Data Plane and VNF Acceleration Mini Summit Data Plane and VNF Acceleration Mini Summit
Data Plane and VNF Acceleration Mini Summit Open-NFP
 
EBPF and Linux Networking
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux NetworkingPLUMgrid
 
Netmap presentation
Netmap presentationNetmap presentation
Netmap presentationAmir Razmjou
 
The linux networking architecture
The linux networking architectureThe linux networking architecture
The linux networking architecturehugo lu
 
P4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server Adapters
P4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server AdaptersP4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server Adapters
P4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server AdaptersOpen-NFP
 
Userspace networking
Userspace networkingUserspace networking
Userspace networkingStephen Hemminger
 
DPDK In Depth
DPDK In DepthDPDK In Depth
DPDK In DepthKernel TLV
 
NGS - QC & Dataformat
NGS - QC & Dataformat NGS - QC & Dataformat
NGS - QC & Dataformat Karan Veer Singh
 
Stefano Giordano
Stefano GiordanoStefano Giordano
Stefano GiordanoGoWireless
 
P4, EPBF, and Linux TC Offload
P4, EPBF, and Linux TC OffloadP4, EPBF, and Linux TC Offload
P4, EPBF, and Linux TC OffloadOpen-NFP
 
LinuxCon 2015 Stateful NAT with OVS
LinuxCon 2015 Stateful NAT with OVSLinuxCon 2015 Stateful NAT with OVS
LinuxCon 2015 Stateful NAT with OVSThomas Graf
 
bfgasnet_pr-v2
bfgasnet_pr-v2bfgasnet_pr-v2
bfgasnet_pr-v2Zeus G
 
Nagraj G Honnekeri
Nagraj G Honnekeri Nagraj G Honnekeri
Nagraj G Honnekeri eletseditorial
 
5.4 multdivide fractions
5.4 multdivide fractions5.4 multdivide fractions
5.4 multdivide fractionsMrs. Hedrick's Pre-Algebra Class
 

Mais conteúdo relacionado

Mais procurados

P4 for Custom Identification, Flow Tagging, Monitoring and Control
P4 for Custom Identification, Flow Tagging, Monitoring and ControlP4 for Custom Identification, Flow Tagging, Monitoring and Control
P4 for Custom Identification, Flow Tagging, Monitoring and ControlOpen-NFP
 
DevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking WalkthroughDevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking WalkthroughThomas Graf
 
Linux Kernel Cryptographic API and Use Cases
Linux Kernel Cryptographic API and Use CasesLinux Kernel Cryptographic API and Use Cases
Linux Kernel Cryptographic API and Use CasesKernel TLV
 
Kernel Recipes 2014 - NDIV: a low overhead network traffic diverter
Kernel Recipes 2014 - NDIV: a low overhead network traffic diverterKernel Recipes 2014 - NDIV: a low overhead network traffic diverter
Kernel Recipes 2014 - NDIV: a low overhead network traffic diverterAnne Nicolas
 
Netfilter’s connection tracking system
Netfilter’s connection tracking systemNetfilter’s connection tracking system
Netfilter’s connection tracking systemhoneyEPI
 
Stacks and Layers: Integrating P4, C, OVS and OpenStack
Stacks and Layers: Integrating P4, C, OVS and OpenStackStacks and Layers: Integrating P4, C, OVS and OpenStack
Stacks and Layers: Integrating P4, C, OVS and OpenStackOpen-NFP
 
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemBPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemThomas Graf
 
Data Plane and VNF Acceleration Mini Summit
Data Plane and VNF Acceleration Mini Summit Data Plane and VNF Acceleration Mini Summit
Data Plane and VNF Acceleration Mini Summit Open-NFP
 
EBPF and Linux Networking
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux NetworkingPLUMgrid
 
Netmap presentation
Netmap presentationNetmap presentation
Netmap presentationAmir Razmjou
 
The linux networking architecture
The linux networking architectureThe linux networking architecture
The linux networking architecturehugo lu
 
P4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server Adapters
P4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server AdaptersP4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server Adapters
P4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server AdaptersOpen-NFP
 
Stefano Giordano
Stefano GiordanoStefano Giordano
Stefano GiordanoGoWireless
 
P4, EPBF, and Linux TC Offload
P4, EPBF, and Linux TC OffloadP4, EPBF, and Linux TC Offload
P4, EPBF, and Linux TC OffloadOpen-NFP
 
LinuxCon 2015 Stateful NAT with OVS
LinuxCon 2015 Stateful NAT with OVSLinuxCon 2015 Stateful NAT with OVS
LinuxCon 2015 Stateful NAT with OVSThomas Graf
 
bfgasnet_pr-v2
bfgasnet_pr-v2bfgasnet_pr-v2
bfgasnet_pr-v2Zeus G
 

Mais procurados (20)

P4 for Custom Identification, Flow Tagging, Monitoring and Control
P4 for Custom Identification, Flow Tagging, Monitoring and ControlP4 for Custom Identification, Flow Tagging, Monitoring and Control
P4 for Custom Identification, Flow Tagging, Monitoring and Control
 
DevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking WalkthroughDevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking Walkthrough
 
Linux Kernel Cryptographic API and Use Cases
Linux Kernel Cryptographic API and Use CasesLinux Kernel Cryptographic API and Use Cases
Linux Kernel Cryptographic API and Use Cases
 
Kernel Recipes 2014 - NDIV: a low overhead network traffic diverter
Kernel Recipes 2014 - NDIV: a low overhead network traffic diverterKernel Recipes 2014 - NDIV: a low overhead network traffic diverter
Kernel Recipes 2014 - NDIV: a low overhead network traffic diverter
 
Sockets and Socket-Buffer
Sockets and Socket-BufferSockets and Socket-Buffer
Sockets and Socket-Buffer
 
Netfilter’s connection tracking system
Netfilter’s connection tracking systemNetfilter’s connection tracking system
Netfilter’s connection tracking system
 
Stacks and Layers: Integrating P4, C, OVS and OpenStack
Stacks and Layers: Integrating P4, C, OVS and OpenStackStacks and Layers: Integrating P4, C, OVS and OpenStack
Stacks and Layers: Integrating P4, C, OVS and OpenStack
 
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemBPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
 
Data Plane and VNF Acceleration Mini Summit
Data Plane and VNF Acceleration Mini Summit Data Plane and VNF Acceleration Mini Summit
Data Plane and VNF Acceleration Mini Summit
 
EBPF and Linux Networking
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux Networking
 
Netmap presentation
Netmap presentationNetmap presentation
Netmap presentation
 
The linux networking architecture
The linux networking architectureThe linux networking architecture
The linux networking architecture
 
P4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server Adapters
P4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server AdaptersP4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server Adapters
P4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server Adapters
 
Userspace networking
Userspace networkingUserspace networking
Userspace networking
 
DPDK In Depth
DPDK In DepthDPDK In Depth
DPDK In Depth
 
NGS - QC & Dataformat
NGS - QC & Dataformat NGS - QC & Dataformat
NGS - QC & Dataformat
 
Stefano Giordano
Stefano GiordanoStefano Giordano
Stefano Giordano
 
P4, EPBF, and Linux TC Offload
P4, EPBF, and Linux TC OffloadP4, EPBF, and Linux TC Offload
P4, EPBF, and Linux TC Offload
 
LinuxCon 2015 Stateful NAT with OVS
LinuxCon 2015 Stateful NAT with OVSLinuxCon 2015 Stateful NAT with OVS
LinuxCon 2015 Stateful NAT with OVS
 
bfgasnet_pr-v2
bfgasnet_pr-v2bfgasnet_pr-v2
bfgasnet_pr-v2
 

Destaque

Fhs hare and tortoise new version_jwensly@live.com
Fhs hare and tortoise new version_jwensly@live.comFhs hare and tortoise new version_jwensly@live.com
Fhs hare and tortoise new version_jwensly@live.comJwensly Dmello
 
Parallel Session 4.8 Creative and Innovative Approaches to Empower and Suppor...
Parallel Session 4.8 Creative and Innovative Approaches to Empower and Suppor...Parallel Session 4.8 Creative and Innovative Approaches to Empower and Suppor...
Parallel Session 4.8 Creative and Innovative Approaches to Empower and Suppor...NHSScotlandEvent
 
Plenary 3 Ministerial Address
Plenary 3 Ministerial AddressPlenary 3 Ministerial Address
Plenary 3 Ministerial AddressNHSScotlandEvent
 
Parallel Session 1.6.1 Managed Clinical Networks and Quality Improvement: A D...
Parallel Session 1.6.1 Managed Clinical Networks and Quality Improvement: A D...Parallel Session 1.6.1 Managed Clinical Networks and Quality Improvement: A D...
Parallel Session 1.6.1 Managed Clinical Networks and Quality Improvement: A D...NHSScotlandEvent
 
The glove original
The glove originalThe glove original
The glove originalAnna Dudich
 
Becoming the CDO Your CEO Needs
Becoming the CDO Your CEO NeedsBecoming the CDO Your CEO Needs
Becoming the CDO Your CEO NeedsBaconLee
 
открытие мемориальной доски иванову андерю олеговичу (01 августа 2013 г)
открытие мемориальной доски иванову андерю олеговичу (01 августа 2013 г)открытие мемориальной доски иванову андерю олеговичу (01 августа 2013 г)
открытие мемориальной доски иванову андерю олеговичу (01 августа 2013 г)uluana_v
 
Becoming The CDO Your CEO Needs
Becoming The CDO Your CEO NeedsBecoming The CDO Your CEO Needs
Becoming The CDO Your CEO NeedsBaconLee
 
Biogeochemical cycles
Biogeochemical cyclesBiogeochemical cycles
Biogeochemical cyclesjugafoce
 

Destaque (20)

Nagraj G Honnekeri
Nagraj G Honnekeri Nagraj G Honnekeri
Nagraj G Honnekeri
 
5.4 multdivide fractions
5.4 multdivide fractions5.4 multdivide fractions
5.4 multdivide fractions
 
Big history
Big historyBig history
Big history
 
Fhs hare and tortoise new version_jwensly@live.com
Fhs hare and tortoise new version_jwensly@live.comFhs hare and tortoise new version_jwensly@live.com
Fhs hare and tortoise new version_jwensly@live.com
 
Gramm
GrammGramm
Gramm
 
CSS
CSSCSS
CSS
 
Parallel Session 4.8 Creative and Innovative Approaches to Empower and Suppor...
Parallel Session 4.8 Creative and Innovative Approaches to Empower and Suppor...Parallel Session 4.8 Creative and Innovative Approaches to Empower and Suppor...
Parallel Session 4.8 Creative and Innovative Approaches to Empower and Suppor...
 
Plenary 3 Ministerial Address
Plenary 3 Ministerial AddressPlenary 3 Ministerial Address
Plenary 3 Ministerial Address
 
Parallel Session 1.6.1 Managed Clinical Networks and Quality Improvement: A D...
Parallel Session 1.6.1 Managed Clinical Networks and Quality Improvement: A D...Parallel Session 1.6.1 Managed Clinical Networks and Quality Improvement: A D...
Parallel Session 1.6.1 Managed Clinical Networks and Quality Improvement: A D...
 
The glove original
The glove originalThe glove original
The glove original
 
Becoming the CDO Your CEO Needs
Becoming the CDO Your CEO NeedsBecoming the CDO Your CEO Needs
Becoming the CDO Your CEO Needs
 
7.7 notes
7.7 notes7.7 notes
7.7 notes
 
Ch 5 review notes
Ch 5 review notesCh 5 review notes
Ch 5 review notes
 
California 3
California 3California 3
California 3
 
открытие мемориальной доски иванову андерю олеговичу (01 августа 2013 г)
открытие мемориальной доски иванову андерю олеговичу (01 августа 2013 г)открытие мемориальной доски иванову андерю олеговичу (01 августа 2013 г)
открытие мемориальной доски иванову андерю олеговичу (01 августа 2013 г)
 
Becoming The CDO Your CEO Needs
Becoming The CDO Your CEO NeedsBecoming The CDO Your CEO Needs
Becoming The CDO Your CEO Needs
 
5.2 notes
5.2 notes5.2 notes
5.2 notes
 
Biogeochemical cycles
Biogeochemical cyclesBiogeochemical cycles
Biogeochemical cycles
 
Ranbir Das
Ranbir DasRanbir Das
Ranbir Das
 
5.7 notes
5.7 notes5.7 notes
5.7 notes
 

Semelhante a Captura de pacotes no KernelSpace

DevopsItalia2015 - DHCP at Facebook - Evolution of an infrastructure
DevopsItalia2015 - DHCP at Facebook - Evolution of an infrastructureDevopsItalia2015 - DHCP at Facebook - Evolution of an infrastructure
DevopsItalia2015 - DHCP at Facebook - Evolution of an infrastructureAngelo Failla
 
Making our networking stack truly extensible
Making our networking stack truly extensible Making our networking stack truly extensible
Making our networking stack truly extensible Olivier Bonaventure
 
Network Stack in Userspace (NUSE)
Network Stack in Userspace (NUSE)Network Stack in Userspace (NUSE)
Network Stack in Userspace (NUSE)Hajime Tazaki
 
Scaling the Container Dataplane
Scaling the Container Dataplane Scaling the Container Dataplane
Scaling the Container Dataplane Michelle Holley
 
IPTABLES_linux_Firewall_Administration (1).pdf
IPTABLES_linux_Firewall_Administration (1).pdfIPTABLES_linux_Firewall_Administration (1).pdf
IPTABLES_linux_Firewall_Administration (1).pdfmpassword
 
introduction to linux kernel tcp/ip ptocotol stack
introduction to linux kernel tcp/ip ptocotol stack introduction to linux kernel tcp/ip ptocotol stack
introduction to linux kernel tcp/ip ptocotol stack monad bobo
 
SRv6 On-Path Delay Measurement with Anomaly Detection OPSAWG WG
SRv6 On-Path Delay Measurement with Anomaly Detection OPSAWG WGSRv6 On-Path Delay Measurement with Anomaly Detection OPSAWG WG
SRv6 On-Path Delay Measurement with Anomaly Detection OPSAWG WGThomasGraf42
 
Dataplane programming with eBPF: architecture and tools
Dataplane programming with eBPF: architecture and toolsDataplane programming with eBPF: architecture and tools
Dataplane programming with eBPF: architecture and toolsStefano Salsano
 
High performace network of Cloud Native Taiwan User Group
High performace network of Cloud Native Taiwan User GroupHigh performace network of Cloud Native Taiwan User Group
High performace network of Cloud Native Taiwan User GroupHungWei Chiu
 
iptables 101- bottom-up
iptables 101- bottom-upiptables 101- bottom-up
iptables 101- bottom-upHungWei Chiu
 
Plank
PlankPlank
PlankFNian
 
17-Pete_Vickers-IPv6-in-the-Mobile-Net
17-Pete_Vickers-IPv6-in-the-Mobile-Net17-Pete_Vickers-IPv6-in-the-Mobile-Net
17-Pete_Vickers-IPv6-in-the-Mobile-NetIPv6no
 
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network NorwayIPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network NorwayIPv6no
 
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*Michelle Holley
 
Direct Code Execution - LinuxCon Japan 2014
Direct Code Execution - LinuxCon Japan 2014Direct Code Execution - LinuxCon Japan 2014
Direct Code Execution - LinuxCon Japan 2014Hajime Tazaki
 
FD.io Vector Packet Processing (VPP)
FD.io Vector Packet Processing (VPP)FD.io Vector Packet Processing (VPP)
FD.io Vector Packet Processing (VPP)Kirill Tsym
 
FD.IO Vector Packet Processing
FD.IO Vector Packet ProcessingFD.IO Vector Packet Processing
FD.IO Vector Packet ProcessingKernel TLV
 

Semelhante a Captura de pacotes no KernelSpace (20)

DevopsItalia2015 - DHCP at Facebook - Evolution of an infrastructure
DevopsItalia2015 - DHCP at Facebook - Evolution of an infrastructureDevopsItalia2015 - DHCP at Facebook - Evolution of an infrastructure
DevopsItalia2015 - DHCP at Facebook - Evolution of an infrastructure
 
Making our networking stack truly extensible
Making our networking stack truly extensible Making our networking stack truly extensible
Making our networking stack truly extensible
 
DPDK KNI interface
DPDK KNI interfaceDPDK KNI interface
DPDK KNI interface
 
Network Stack in Userspace (NUSE)
Network Stack in Userspace (NUSE)Network Stack in Userspace (NUSE)
Network Stack in Userspace (NUSE)
 
Tma ph d_school_2011
Tma ph d_school_2011Tma ph d_school_2011
Tma ph d_school_2011
 
Scaling the Container Dataplane
Scaling the Container Dataplane Scaling the Container Dataplane
Scaling the Container Dataplane
 
IPTABLES_linux_Firewall_Administration (1).pdf
IPTABLES_linux_Firewall_Administration (1).pdfIPTABLES_linux_Firewall_Administration (1).pdf
IPTABLES_linux_Firewall_Administration (1).pdf
 
introduction to linux kernel tcp/ip ptocotol stack
introduction to linux kernel tcp/ip ptocotol stack introduction to linux kernel tcp/ip ptocotol stack
introduction to linux kernel tcp/ip ptocotol stack
 
SRv6 On-Path Delay Measurement with Anomaly Detection OPSAWG WG
SRv6 On-Path Delay Measurement with Anomaly Detection OPSAWG WGSRv6 On-Path Delay Measurement with Anomaly Detection OPSAWG WG
SRv6 On-Path Delay Measurement with Anomaly Detection OPSAWG WG
 
Dataplane programming with eBPF: architecture and tools
Dataplane programming with eBPF: architecture and toolsDataplane programming with eBPF: architecture and tools
Dataplane programming with eBPF: architecture and tools
 
High performace network of Cloud Native Taiwan User Group
High performace network of Cloud Native Taiwan User GroupHigh performace network of Cloud Native Taiwan User Group
High performace network of Cloud Native Taiwan User Group
 
eBPF Basics
eBPF BasicseBPF Basics
eBPF Basics
 
iptables 101- bottom-up
iptables 101- bottom-upiptables 101- bottom-up
iptables 101- bottom-up
 
Plank
PlankPlank
Plank
 
17-Pete_Vickers-IPv6-in-the-Mobile-Net
17-Pete_Vickers-IPv6-in-the-Mobile-Net17-Pete_Vickers-IPv6-in-the-Mobile-Net
17-Pete_Vickers-IPv6-in-the-Mobile-Net
 
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network NorwayIPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
IPv6 i det mobile nettet: Pete Vickers, Network Engineer, Network Norway
 
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
 
Direct Code Execution - LinuxCon Japan 2014
Direct Code Execution - LinuxCon Japan 2014Direct Code Execution - LinuxCon Japan 2014
Direct Code Execution - LinuxCon Japan 2014
 
FD.io Vector Packet Processing (VPP)
FD.io Vector Packet Processing (VPP)FD.io Vector Packet Processing (VPP)
FD.io Vector Packet Processing (VPP)
 
FD.IO Vector Packet Processing
FD.IO Vector Packet ProcessingFD.IO Vector Packet Processing
FD.IO Vector Packet Processing
 

Mais de PeslPinguim

Introdução ao Arduino
Introdução ao ArduinoIntrodução ao Arduino
Introdução ao ArduinoPeslPinguim
 
Aula 4 redes Inclusão Digital
Aula 4 redes Inclusão DigitalAula 4 redes Inclusão Digital
Aula 4 redes Inclusão DigitalPeslPinguim
 
Aula 3 parte 2 software Inclusão Digital
Aula 3 parte 2 software Inclusão DigitalAula 3 parte 2 software Inclusão Digital
Aula 3 parte 2 software Inclusão DigitalPeslPinguim
 
Aula 3 software Inclusão Digital
Aula 3 software Inclusão DigitalAula 3 software Inclusão Digital
Aula 3 software Inclusão DigitalPeslPinguim
 
Aula 2 parte 2 hardware Inclusão Digital
Aula 2 parte 2 hardware Inclusão DigitalAula 2 parte 2 hardware Inclusão Digital
Aula 2 parte 2 hardware Inclusão DigitalPeslPinguim
 
Aula 2 hardware Inclusão Digital
Aula 2 hardware Inclusão DigitalAula 2 hardware Inclusão Digital
Aula 2 hardware Inclusão DigitalPeslPinguim
 
Aula 1 apresentacao
Aula 1 apresentacaoAula 1 apresentacao
Aula 1 apresentacaoPeslPinguim
 
Aula 5 internet Inclusão Digital
Aula 5 internet Inclusão DigitalAula 5 internet Inclusão Digital
Aula 5 internet Inclusão DigitalPeslPinguim
 
Apresentação1_
Apresentação1_Apresentação1_
Apresentação1_PeslPinguim
 
Curso Básico de Java - Aula 10
Curso Básico de Java - Aula 10Curso Básico de Java - Aula 10
Curso Básico de Java - Aula 10PeslPinguim
 
Curso Básico de Java - Aula 5
Curso Básico de Java - Aula 5Curso Básico de Java - Aula 5
Curso Básico de Java - Aula 5PeslPinguim
 
Curso Básico de Java - Aula 4
Curso Básico de Java - Aula 4Curso Básico de Java - Aula 4
Curso Básico de Java - Aula 4PeslPinguim
 
Curso Básico de Java - Aula 1
Curso Básico de Java - Aula 1Curso Básico de Java - Aula 1
Curso Básico de Java - Aula 1PeslPinguim
 
Curso Básico de Java - Aula 7
Curso Básico de Java - Aula 7Curso Básico de Java - Aula 7
Curso Básico de Java - Aula 7PeslPinguim
 
Curso Básico de Java - Aula 3
Curso Básico de Java - Aula 3Curso Básico de Java - Aula 3
Curso Básico de Java - Aula 3PeslPinguim
 
Curso Básico de Java - Aula 2
Curso Básico de Java - Aula 2Curso Básico de Java - Aula 2
Curso Básico de Java - Aula 2PeslPinguim
 
Curso Básico de Java - Aula 9
Curso Básico de Java - Aula 9Curso Básico de Java - Aula 9
Curso Básico de Java - Aula 9PeslPinguim
 
Curso Básico de Java - Aula 8
Curso Básico de Java - Aula 8 Curso Básico de Java - Aula 8
Curso Básico de Java - Aula 8 PeslPinguim
 
Eletrônica aplicada - interruptor sonoro
Eletrônica aplicada - interruptor sonoroEletrônica aplicada - interruptor sonoro
Eletrônica aplicada - interruptor sonoroPeslPinguim
 

Mais de PeslPinguim (20)

Introdução ao Arduino
Introdução ao ArduinoIntrodução ao Arduino
Introdução ao Arduino
 
Aula 4 redes Inclusão Digital
Aula 4 redes Inclusão DigitalAula 4 redes Inclusão Digital
Aula 4 redes Inclusão Digital
 
Aula 3 parte 2 software Inclusão Digital
Aula 3 parte 2 software Inclusão DigitalAula 3 parte 2 software Inclusão Digital
Aula 3 parte 2 software Inclusão Digital
 
Aula 3 software Inclusão Digital
Aula 3 software Inclusão DigitalAula 3 software Inclusão Digital
Aula 3 software Inclusão Digital
 
Aula 2 parte 2 hardware Inclusão Digital
Aula 2 parte 2 hardware Inclusão DigitalAula 2 parte 2 hardware Inclusão Digital
Aula 2 parte 2 hardware Inclusão Digital
 
Aula 2 hardware Inclusão Digital
Aula 2 hardware Inclusão DigitalAula 2 hardware Inclusão Digital
Aula 2 hardware Inclusão Digital
 
Apresentação1
Apresentação1Apresentação1
Apresentação1
 
Aula 1 apresentacao
Aula 1 apresentacaoAula 1 apresentacao
Aula 1 apresentacao
 
Aula 5 internet Inclusão Digital
Aula 5 internet Inclusão DigitalAula 5 internet Inclusão Digital
Aula 5 internet Inclusão Digital
 
Apresentação1_
Apresentação1_Apresentação1_
Apresentação1_
 
Curso Básico de Java - Aula 10
Curso Básico de Java - Aula 10Curso Básico de Java - Aula 10
Curso Básico de Java - Aula 10
 
Curso Básico de Java - Aula 5
Curso Básico de Java - Aula 5Curso Básico de Java - Aula 5
Curso Básico de Java - Aula 5
 
Curso Básico de Java - Aula 4
Curso Básico de Java - Aula 4Curso Básico de Java - Aula 4
Curso Básico de Java - Aula 4
 
Curso Básico de Java - Aula 1
Curso Básico de Java - Aula 1Curso Básico de Java - Aula 1
Curso Básico de Java - Aula 1
 
Curso Básico de Java - Aula 7
Curso Básico de Java - Aula 7Curso Básico de Java - Aula 7
Curso Básico de Java - Aula 7
 
Curso Básico de Java - Aula 3
Curso Básico de Java - Aula 3Curso Básico de Java - Aula 3
Curso Básico de Java - Aula 3
 
Curso Básico de Java - Aula 2
Curso Básico de Java - Aula 2Curso Básico de Java - Aula 2
Curso Básico de Java - Aula 2
 
Curso Básico de Java - Aula 9
Curso Básico de Java - Aula 9Curso Básico de Java - Aula 9
Curso Básico de Java - Aula 9
 
Curso Básico de Java - Aula 8
Curso Básico de Java - Aula 8 Curso Básico de Java - Aula 8
Curso Básico de Java - Aula 8
 
Eletrônica aplicada - interruptor sonoro
Eletrônica aplicada - interruptor sonoroEletrônica aplicada - interruptor sonoro
Eletrônica aplicada - interruptor sonoro
 

Último

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 

Último (20)

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 

Captura de pacotes no KernelSpace

  • 1. Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Network packet capture in Linux kernelspace An overview of the network stack in the Linux kernel Beraldo Leal beraldo@ime.usp.br http://www.ime.usp.br/~beraldo/ Institute of Mathematics and Statistics - IME University of Sao Paulo - USP 25th October 2011 Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 1 / 25
  • 2. Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Outline Introduction Network stack Packet ingress flow Methods to capture packets Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 2 / 25
  • 3. Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Introduction • Sniffers; • Improvements in packet reception; • Linux kernel network subsystem; Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 3 / 25
  • 4. Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Sniffers • tcpdump, wireshark, snort, etc; • Using the well-known library libpcap; • Not suitable for > 10 Gbps; • Packet loss; Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 4 / 25
  • 5. Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Improvements in packet reception • Commodity hardware for packet capture; • 3COM • Intel • endace, ... • Many Interruptions • NEW API or NAPI (interruption coalescence) • zero-copy • Direct Memory Access - DMA • mmap() Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 5 / 25
  • 6. Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Linux kernel network subsystem • Kernel number of files: 36.680 1 2 • net/ number of files: 1.293 ( 3.5% ) • drivers/net/ number of files: 1.935 ( 5.27% ) • Kernel SLOC: 9.723.525 • net/ SLOC: 480.928 ( 5% ) • drivers/net/ SLOC: 1.155.317 ( 12% ) 1 kernel 3.0.0 2 source: wc, find, cat, etc.. Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 6 / 25
  • 7.
  • 8. Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Network stack L5: Application http, ftp, ssh, telnet, ... (message) L4: Transport tcp, udp, ... (segment) L3: Network ipv4, ipv6, ... (datagram/packet) L1/2: Link / host-to-network ethernet, token ring, ... (frame) Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 8 / 25
  • 9. Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Important data structs: • net device • include/linux/netdevice.h • sk buff • include/linux/skbuff.h Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 9 / 25
  • 10. Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Important data structs: • net device (include/linux/netdevice.h) • unsigned int mtu • unsigned int flags • unsigned char dev addr[MAX ADDR LEN] • int promiscuity Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 10 / 25
  • 11. Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Important data structs: • sk buff (include/linux/skbuff.h) • struct sk buff *next; • struct sk buff *prev; • ktime t tstamp; • struct net device *dev; • unsigned int len; • unsigned int data len; • u16 mac len; • u8 pkt type; • be16 protocol; • sk buff data t transport header; (old h) • sk buff data t network header; (old nh) • sk buff data t mac header; (old mac) Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 11 / 25
  • 12. Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Important sk buff routines • alloc skb(); • dev alloc skb(); • kfree skb(); • dev kfree skb(); • skb clone(); • skb network header(skb); • skb transport header(skb); • skb mac header(skb); Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 12 / 25
  • 13. Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Packet ingress flow • When working in interrupt driven model, the nic registers an interrupt handler; • This interrupt handler will be called when a frame is received; • Typically in the handler, we allocate sk buff by calling dev alloc skb(); • Copies data from nic’s buffer to this struct just created; • nic call generic reception routine netif rx(); • netif rx() put frame in per cpu queue; • if queue is full, drop! • net rx action() decision based on skb->protocol; • This function basically dequeues the frame and delivery a copy for every protocol handler; • ptype all and ptype base queues Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 13 / 25
  • 14. Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Packet ingress flow • ip v4 rcv() will receive the ip datagram (if is a ipv4 packet); • ip checksum, check ip headers, .... • ip rcv finish() makes route decision (ip forward() or ip local delivery()) • ip local delivery() defrag fragmented packets, and call ip local deliver finish() • ip local deliver finish() find protocol handler again; • tcp v4 rcv(), udp rcv(), or other L4 protocol handler • ... Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 14 / 25
  • 15. ip_local_deliver_finish() <continue> (net/ipv4/ip_input.c) NF_IP_FORWARD find protocol handler or ip_forward() send icmp_dst_unreach Layer 3 (net/ipv4/ip_forward.c) Network handle route alert; ip_local_deliver() send redirect if (net/ipv4/ip_input.c) necessary; NF_IP_LOCAL_IN defrag fragmented decrease TTL; packets verify if frag is possible (mtu) ip_rcv_finish() ip_error() NF_IP_PRE_ROUTING (net/ipv4/ip_input.c) (net/ipv4/route.c) find route and handle routing error, send IP options icmp pkt ip_rcv() packet_rcv() arp_rcv() (net/ipv4/ip_input.c) <tcpdump_process> <...> (handle arp requests verify skb, IP headers <dhcpd process> and replies) and IP checksum <...> net_rx_action() netif_rx() input_queue (net/core/dev.c) (net/core/dev.c) [cpu] decision based on skb->protocol field Layer 1/2 Physical/Link Network Drivers (drivers/net/*)
  • 16. Application userspace kernelspace Socket Layer (net/core/sock.c) __tcp_v4_lookup() tcp_v4_do_rcv() (net/ipv4/tcp_ipv4.c) generate ICMP (net/ipv4/tcp_ipv4.c) check for socket in error check for socket state LISTEN, with dst_port tcp_v4_rcv() udp_rcv() (net/ipv4/tcp_ipv4.c) (net/ipv4/udp.c) <...> Layer 4 check for tcp headers check for udp headers Transport ip_local_deliver_finish() <continue> (net/ipv4/ip_input.c) NF_IP_FORWARD find protocol handler or ip_forward() send icmp_dst_unreach Layer 3 (net/ipv4/ip_forward.c) Network handle route alert; ip_local_deliver() send redirect if (net/ipv4/ip_input.c) necessary; NF_IP_LOCAL_IN defrag fragmented decrease TTL; packets verify if frag is possible (mtu) ip_rcv_finish() ip_error() NF_IP_PRE_ROUTING (net/ipv4/ip_input.c) (net/ipv4/route.c) find route and handle routing error, send IP options icmp pkt
  • 17. Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Methods to capture packets • protocol handler • register a function to handler packets with dev add pack() • netfilter hooks • userspace tools; • socket AF PACKET, libpcap, ... Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 17 / 25
  • 18. Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets 1 struct packet type my proto; 2 3 int my packet rcv(struct sk buff ∗skb, struct net device ∗dev, 4 struct packet type ∗pt, struct net device ∗orig dev) { 5 6 printk(KERN ERR ”+ 1!n”); 7 8 kfree skb(skb); 9 return 0; 10 } 11 12 static int hello init(void) { 13 printk(”<1> Hello world!n”); 14 15 my proto.type = htons(ETH P ALL); 16 my proto.dev = NULL; 17 my proto.func = my packet rcv; 18 19 dev add pack(&my proto); 20 return 0; 21 } 22 23 static void hello exit(void) { 24 dev remove pack(&my proto); 25 printk(”<1> Bye, cruel worldn”); 26 } 27 module init(hello init); 28 module exit(hello exit); Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 18 / 25
  • 19. Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets 1 int my packet rcv(struct sk buff ∗skb, struct net device ∗dev, struct packet type ∗pt, struct net device ∗orig dev) 2 { 3 switch (skb−>pkt type) { 4 case PACKET HOST: 5 printk(”PACKET HOST − ”); 6 break; 7 case PACKET BROADCAST: 8 printk(”PACKET BROADCAST − ”); 9 break; 10 case PACKET MULTICAST: 11 printk(”PACKET MULTICAST − ”); 12 break; 13 case PACKET OTHERHOST: 14 printk(”PACKET OTHERHOST − ”); 15 break; 16 case PACKET OUTGOING: 17 printk(”PACKET OUTGOING − ”); 18 break; 19 case PACKET LOOPBACK: 20 printk(”PACKET LOOPBACK − ”); 21 break; 22 case PACKET FASTROUTE: 23 printk(”PACKET FASTROUTE − ”); 24 break; 25 } 26 printk(”%s 0x%.4X 0x%.4X n”, skb−>dev−>name, ntohs(skb−>protocol), ip hdr(skb)−>protocol) 27 28 kfree skb(skb); 29 return 0; 30 } Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 19 / 25
  • 20. Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Netfilter hooks • iptables = userspace; • netfilter = kernelspace; • Netfilter is merely a series of hooks in various points in a protocol stack; • packet filtering, network address [and port] translation (NA[P]T) and other packet mangling; • www.netfilter.org Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 20 / 25
  • 21.
  • 22.
  • 23. Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets References • br.kernelnewbies.org/node/150 has many links Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 23 / 25
  • 24. Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Thankyou! Question? Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 24 / 25
  • 25. Introduction Network stack Packet ingress flow University of Sao Paulo - USP Methods to capture packets Network packet capture in Linux kernelspace An overview of the network stack in the Linux kernel Beraldo Leal beraldo@ime.usp.br http://www.ime.usp.br/~beraldo/ Institute of Mathematics and Statistics - IME University of Sao Paulo - USP 25th October 2011 Beraldo Leal 25th October 2011 Network packet capture in Linux kernelspace 25 / 25