Keywords: zero-copy; high-speed network interface; memory mapping; intrusion detection system
The Design and Implementation of Zero-copy Module of NIDS
Abstract
As an active security technique, an intrusion detection system (IDS) not only detects unauthorized parties attempting to intrude into a system, but also monitors authorized users for unlawful use of system resources. With the growth of the Internet, more and more attention is being paid to network-based intrusion detection systems (NIDS).
Zero-copy is an important technology for realizing high-speed network interfacing on hosts and routers. It achieves high-speed data transfer by reducing the overhead that the operating system and the transport protocol impose on data transmission; its main idea is to reduce or eliminate the operations on the critical transmission path that limit throughput. Based on this technology, this paper designs and implements a simple data capture module for an intrusion detection system on the Linux platform. The module consists of five sub-modules: a network packet capture module, a memory mapping module, a network packet analysis module, a storage module and a user interface management module. Together they implement Ethernet packet capture, zero-copy data transfer and packet content analysis. Using memory-mapping-based zero-copy, network packets are transferred from kernel space to user space without copying and their contents are analyzed there, which addresses the packet loss and synchronization problems of conventional capture. By having the network card DMA each packet directly into memory that the user program can access, the module avoids the intermediate kernel-space buffer and shortens the path a packet travels.
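The following is an added example written for this page, not code from the thesis or its module. It models in user space the mechanism the abstract describes: a memory-mapped ring of frame slots shared between a producer (the kernel/NIC side) and a consumer (the analysis side), with an ownership flag per slot so that the two sides synchronize without copying frame data. On Linux the real mechanism is PACKET_MMAP (an AF_PACKET socket with PACKET_RX_RING mapped via mmap()), which needs root and a live interface; here the kernel side is simulated by ring_produce() and the NIC DMA is a single memcpy into the mapping, so the program runs offline. All function and structure names (ring_create, ring_produce, ring_consume, slot_hdr, eth_info) and the three sample Ethernet frames are assumptions constructed for the example.

```c
/* Added example: user-space model of a kernel/user shared packet ring.
 * The mapping, slot layout and names are assumptions; the sample frames are
 * constructed test data, not captured traffic. */
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

#define SLOT_FREE  0u   /* slot owned by the producer ("kernel") */
#define SLOT_READY 1u   /* slot holds a frame the consumer may read */

struct slot_hdr {              /* plays the role of tpacket_hdr in PACKET_MMAP */
    volatile uint32_t status;  /* ownership flag, flipped after the data is written */
    uint32_t len;              /* bytes of frame data following this header */
};

struct ring {
    uint8_t *base;             /* mmap()'d region of nslots * slot_size bytes */
    size_t slot_size, nslots;
    size_t rx_head, tx_head;   /* next slot the consumer / producer touches */
};

static struct slot_hdr *slot_at(const struct ring *r, size_t i)
{
    return (struct slot_hdr *)(r->base + i * r->slot_size);
}

/* MAP_SHARED|MAP_ANONYMOUS stands in for the mapping mmap() would return on
 * an AF_PACKET socket; both sides address the same physical pages. */
int ring_create(struct ring *r, size_t nslots, size_t max_frame)
{
    r->slot_size = sizeof(struct slot_hdr) + max_frame;
    r->nslots = nslots;
    r->rx_head = r->tx_head = 0;
    r->base = mmap(NULL, r->slot_size * nslots, PROT_READ | PROT_WRITE,
                   MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (r->base == MAP_FAILED) return -1;
    memset(r->base, 0, r->slot_size * nslots);   /* every slot starts SLOT_FREE */
    return 0;
}

void ring_destroy(struct ring *r) { munmap(r->base, r->slot_size * r->nslots); }

/* Producer side: place a frame in the next slot and hand it to the consumer.
 * Returns -1 when the slot is still owned by the consumer (ring full): this is
 * exactly where a real capture path starts dropping packets. */
int ring_produce(struct ring *r, const uint8_t *frame, size_t len)
{
    struct slot_hdr *h = slot_at(r, r->tx_head);
    if (h->status != SLOT_FREE || len > r->slot_size - sizeof(*h)) return -1;
    memcpy(h + 1, frame, len);   /* the only copy: NIC DMA in the real system */
    h->len = (uint32_t)len;
    __sync_synchronize();        /* data must be visible before ownership flips */
    h->status = SLOT_READY;
    r->tx_head = (r->tx_head + 1) % r->nslots;
    return 0;
}

struct eth_info { uint8_t dst[6], src[6]; uint16_t ethertype; uint32_t len; };

/* Consumer side: parse the Ethernet header in place (the frame never leaves
 * the mapping), then release the slot. Returns 1 for a parsed frame, 0 when
 * nothing is ready, -1 for a runt shorter than the 14-byte header. */
int ring_consume(struct ring *r, struct eth_info *out)
{
    struct slot_hdr *h = slot_at(r, r->rx_head);
    if (h->status != SLOT_READY) return 0;
    __sync_synchronize();
    int rc = -1;
    if (h->len >= 14) {
        const uint8_t *p = (const uint8_t *)(h + 1);   /* points into the ring */
        memcpy(out->dst, p, 6);
        memcpy(out->src, p + 6, 6);
        out->ethertype = (uint16_t)(p[12] << 8 | p[13]);   /* network byte order */
        out->len = h->len;
        rc = 1;
    }
    h->status = SLOT_FREE;       /* give the slot back to the producer */
    r->rx_head = (r->rx_head + 1) % r->nslots;
    return rc;
}

/* Constructed sample frames: 14-byte Ethernet header plus dummy payload. */
static const uint8_t sample_ipv4[60] = { 0x00,0x11,0x22,0x33,0x44,0x55,
    0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00, 0x45 };           /* EtherType IPv4 */
static const uint8_t sample_arp[42]  = { 0xff,0xff,0xff,0xff,0xff,0xff,
    0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x06 };                 /* EtherType ARP */
static const uint8_t sample_runt[8]  = { 1,2,3,4,5,6,7,8 };     /* too short */

/* Drive the ring through the cases a capture loop must handle: two good
 * frames, a full ring, a runt and an empty ring. Returns the number of frames
 * parsed (2) on success, or a negative step number at the first failed check. */
int demo_run(void)
{
    struct ring r; struct eth_info info; int parsed = 0;
    if (ring_create(&r, 2, 128) != 0) return -1;
    if (ring_produce(&r, sample_ipv4, sizeof sample_ipv4) != 0) return -2;
    if (ring_produce(&r, sample_arp, sizeof sample_arp) != 0) return -3;
    if (ring_produce(&r, sample_runt, sizeof sample_runt) != -1) return -4; /* full */
    if (ring_consume(&r, &info) != 1 || info.ethertype != 0x0800 || info.len != 60) return -5;
    parsed++;
    if (ring_produce(&r, sample_runt, sizeof sample_runt) != 0) return -6;  /* slot reused */
    if (ring_consume(&r, &info) != 1 || info.ethertype != 0x0806 || info.dst[0] != 0xff) return -7;
    parsed++;
    if (ring_consume(&r, &info) != -1) return -8;   /* runt released, not parsed */
    if (ring_consume(&r, &info) != 0) return -9;    /* nothing ready */
    ring_destroy(&r);
    return parsed;
}

int main(void)
{
    int rc = demo_run();
    printf("demo_run returned %d (2 means all checks passed)\n", rc);
    return rc == 2 ? 0 : 1;
}
```

The ownership flag plus the memory barrier is the synchronization the abstract refers to: neither side needs a lock or a system call per packet, and the consumer parses headers directly out of the shared pages. The -1 return from ring_produce() is where packet loss shows up when the analysis side falls behind, which is why ring depth (nslots) has to be sized against the expected burst rate.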