Abstract:
libpcap is a packet capture library providing the upper APIs for packet capture, filter and other functionalities, and being used widely in network protocol analysis, intrusion detection and other packet processing systems. It is feasible to perform high-speed packet processing with multi-core and multi-CPU architecture on general purpose computing platform, but it is difficult to take full advantage of the capability of multi-core and multi-CPU for applications based on libpcap because of its single thread model. In this paper, we design and implement a multi-thread packet capture library named libpcap-MT based on libpcap. libpcap-MT can capture and dispatch packets to multiple buffer queues very efficiently in kernel mode. In kernel capturing and dispatching reduces synchronization and memory copy overhead. Lockless multiple buffer queuing allows kernel and threads write and read packets in parallel. libpcap-MT provides a flexible dispatching strategy description method like C language. Its API extends libpcaps API with multi-thread operations and is compatible. Each thread can register with a buffer queue and get packets by traditional read() to copy from it, or mmap() to setup memory map then access the packet directly. Experimental results also indicate that it is easy to migrate current systems to multi-thread model with better performance and scalability using libpcap-MT.