libpcap添加过滤规则后，捕包性能反而下降，求解

whhitdragon

我最经在学习使用libpcap捕获网络数据包，在没有设置bpf过滤规则时，捕获的的流量可以在50M，而添加过滤规则后，捕获的流量反而下降了，这是怎么回事啊，求解！！！！

例如：

在不添加bpf规则的时候，使用仪器发送50M的HTTP流量，设备cpu到达98%

而添加bpf规则，tcp port 80 ，使用仪器发送30MHTTP流量的时候，设备的cpu就达到98%了

这是什么原因啊？ 我觉得应该是二种情况下，支持的流量一样才对啊，求解求解！！！！

jhl19880722

回复 1# whhitdragon
你添加了过滤就相当于把数据包捕获下来以后在对内容进行了一下比较，如果你在截获数据包后没有对数据包进行处理，那么这样性能下降也是可以理解的吧。


   

shamofeiyu

如果是抓包性能瓶颈，可以试试PF_RING

whhitdragon

使用PF_RING后，捕包性能能够提高多少？ 您有没有对应的使用文档？ 有的话能否给小弟一些，谢谢了！ 回复 3# shamofeiyu


   

shamofeiyu

回复 4# whhitdragon


    http://www.ntop.org/products/pf_ring/ 上面介绍的很详细了

whhitdragon

回复 5# shamofeiyu
在交叉编译环境下怎么编译？ 需要重写makefile 吗？



   

shamofeiyu

回复 6# whhitdragon

老版本有交叉编译的脚本，但是新版本好像没有了

1. #!/bin/sh
   
2. 
   
3. #
   
4. # Simple file for cross-compiling PF_RING on ARM
   
5. #
   
6. make -C ../../kernel/linux-feroceon_5_0_3_KW SUBDIRS=/home/deri/ARM/PF_RING/kernel EXTRA_CFLAGS='-I/home/deri/ARM/PF_RING/kernel' ARCH=arm CROSS_COMPILE=arm-mv5sft-linux-gnueabi- modules
   

复制代码

whhitdragon

回复 7# shamofeiyu

非常感谢 shamofeiyu

我按照你的方法编译后，可以在arm下面安装了。

现在按照pf_ring中的UsersGuide说明编译libpfring 和 libpcap ，编译命令如下：

cd ${PF_RING}/userland/lib
./configure
make CROSS_COMPILE=￥{SDK_DIR}/staging_dir/toolchain-arm_v5te_gcc-4.4.3_uClibc-0.9.30.1_eabi/usr/bin/arm-openwrt-linux-

出现下面错误提示：


ar x libs/libpfring_zero_i686.a
ar x libs/libpfring_dna_i686.a
ar x libs/libpfring_mod_virtual_i686.a
/home/xxx/xxx/staging_dir/toolchain-arm_v5te_gcc-4.4.3_uClibc-0.9.30.1_eabi/usr/bin/arm-openwrt-linux-gcc -Wall -fPIC -I../../kernel -I../../vPF_RING/guest/kernel -I../libpcap -D HAVE_ZERO -D HAVE_DNA -D HAVE_VIRTUAL  -D ENABLE_BPF   -O2  -c pfring.c -o pfring.o
In file included from pfring.c:21:
pfring.h:263: error: expected specifier-qualifier-list before 'pthread_rwlock_t'
pfring.c: In function 'pfring_open':
pfring.c:151: warning: implicit declaration of function 'pthread_rwlock_init'
pfring.c:151: error: 'pfring' has no member named 'rx_lock'
pfring.c:152: error: 'pfring' has no member named 'tx_lock'
pfring.c: In function 'pfring_close':
pfring.c:251: warning: implicit declaration of function 'pthread_rwlock_destroy'
pfring.c:251: error: 'pfring' has no member named 'rx_lock'
pfring.c:252: error: 'pfring' has no member named 'tx_lock'
pfring.c: In function 'pfring_set_reflector_device':
pfring.c:293: error: 'pfring' has no member named 'reflector_socket'
pfring.c:296: error: 'pfring' has no member named 'reflector_socket'
pfring.c:298: error: 'pfring' has no member named 'reflector_socket'
pfring.c:299: error: 'pfring' has no member named 'reflector_socket'
pfring.c:300: error: 'pfring' has no member named 'reflector_socket'
pfring.c: In function 'pfring_recv':
pfring.c:505: error: 'pfring' has no member named 'reflector_socket'
pfring.c:506: error: 'pfring' has no member named 'reflector_socket'
pfring.c: In function 'pfring_send':
pfring.c:623: warning: implicit declaration of function 'pthread_rwlock_wrlock'
pfring.c:623: error: 'pfring' has no member named 'tx_lock'
pfring.c:628: warning: implicit declaration of function 'pthread_rwlock_unlock'
pfring.c:628: error: 'pfring' has no member named 'tx_lock'
pfring.c: In function 'pfring_send_ifindex':
pfring.c:649: error: 'pfring' has no member named 'tx_lock'
pfring.c:654: error: 'pfring' has no member named 'tx_lock'
pfring.c: In function 'pfring_send_parsed':
pfring.c:672: error: 'pfring' has no member named 'tx_lock'
pfring.c:677: error: 'pfring' has no member named 'tx_lock'
pfring.c: In function 'pfring_send_get_time':
pfring.c:700: error: 'pfring' has no member named 'tx_lock'
pfring.c:705: error: 'pfring' has no member named 'tx_lock'


   

shamofeiyu

回复 8# whhitdragon


    最近好忙，是不是包含了DNA模式的库了

ar x libs/libpfring_zero_i686.a
ar x libs/libpfring_dna_i686.a
ar x libs/libpfring_mod_virtual_i686.a

这个是DNA模式的二进制库，可以吧他们去掉，因为他们是x86编译的，DNA模式是PF_RING中性能更好的抓包方案，但是他们没有开放源代码

daxia1wang

回复 1# whhitdragon


    哥，过滤规则怎么设置啊？求助{:3_200:}