Download nDPI
https://codeload.github.com/ntop/nDPI/zip/refs/heads/dev
Unpack
unzip nDPI-dev.zip
cd nDPI-dev
cat example/README.DPDK
Prerequisites
-------------
You need to install and compile DPDK in your HOME directory as explained in
See http://core.dpdk.org/doc/quick-start/ for DPDK installation and setup
Once DPDK is built make sure to create a symbolic link
$ cd
$ ln -s dpdk-18.08 DPDK
so the build process will use the DPDK directory letting you have multiple
DPDK versions available on your system
Build
-----
Everything will happen automagically but if you want to do it by hand
do: make -f Makefile.dpdk
Run Application
---------------
Supposing to capture packets from device eno1 you can start the
application as follows:
sudo ./build/ndpiReader -c 1 --vdev=net_pcap0,iface=eno1 -- -v 1
NOTE:
- ndpiReader without DPDK support sits in this directory
- ndpiReader with DPDK support can be found inside the ./build directory
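It looked as if linking a DPDK source tree into the home directory would be enough to build nDPI with DPDK support by default, so I copied an already-compiled DPDK into the nDPI directory and then symlinked it into the home directory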
ln -s /home/xxxx/nDPI-dev/dpdk /root/DPDK
./autogen.sh
./configure
make
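The result: make -f Makefile.dpdk reported that libndpi.a could not be found. I modified example/Makefile.dpdk so that it could find libndpi.a, and then ndpiRead.o could not be found. I modified example/Makefile, and once that was found it complained that the definitions of a pile of variable types could not be found.
The source downloaded from the official site had not been touched at all. I checked the DPDK environment variable settings: they were still the ones from the machine's earlier environment. I changed them to RTE_SDK=/root/DPDK, RTE_TARGET=x86_64-native-linuxapp-gcc, and it still did not work; cleaning and re-running autogen did not help either.
I deleted the nDPI-dev directory, unpacked it again, and followed the version given in README.DPDK (the earlier version was lower than 18.08): downloaded dpdk-18.08, copied it into the freshly unpacked nDPI-dev directory, and then renamed it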
mv dpdk-18.08 dpdk
because the name in the symlink is dpdk
After that, again
./autogen.sh
./configure
make
It passed in one go. Next was how to run it. I could not find a usable example in README.DPDK; all I knew was that there is an ndpiReader.dpdk under example/build
Run
./build/ndpiReader.dpdk -c 1 --vdev=net_pcap0,iface=eno1 -- -v 1
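It errors out, not recognizing the arguments given to --vdev. After DPDK binds the NIC there is no iface=eno1 name any more either; do I need to use vhost? I am just using DPDK directly, planning to use it only to receive packets from the NIC and run them through nDPI's parsing flow once, with no need to go through a virtual protocol stack.
Following the source code, I found that initialization of NUMA socket1 was failing; allocating hugepages to socket1 fixed it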
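A check for the socket1 hugepage condition described above, as an added example that is not part of the original post or of nDPI/DPDK. It assumes the standard Linux sysfs layout /sys/devices/system/node/nodeN/hugepages/hugepages-<size>/nr_hugepages; the NODE_ROOT variable and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report NUMA nodes that have no hugepages reserved, which is
# the condition that made initialization of socket 1 fail in the run above.
# NODE_ROOT (hypothetical name) can be overridden to point at a test tree.
NODE_ROOT="${NODE_ROOT:-/sys/devices/system/node}"

# Print "<node> <page size> <nr_hugepages>" for every node/page-size pair.
hugepages_per_node() {
    for node in "$NODE_ROOT"/node[0-9]*; do
        [ -d "$node/hugepages" ] || continue
        for hp in "$node"/hugepages/hugepages-*; do
            [ -r "$hp/nr_hugepages" ] || continue
            printf '%s %s %s\n' "${node##*/}" "${hp##*/hugepages-}" \
                "$(cat "$hp/nr_hugepages")"
        done
    done
}

# Print the nodes whose reservation, summed over all page sizes, is zero.
nodes_without_hugepages() {
    hugepages_per_node | awk '
        { total[$1] += $3 }
        END { for (n in total) if (total[n] == 0) print n }' | sort
}

# Reserve <count> pages of <size> (e.g. 2048kB) on <node> (e.g. node1).
# Needs root on a real system because it writes to sysfs.
reserve_hugepages() {
    echo "$2" > "$NODE_ROOT/$1/hugepages/hugepages-$3/nr_hugepages"
}

# Stand-alone run: name every node an EAL started across all sockets
# would fail to get memory on.
nodes_without_hugepages | sed 's/^/no hugepages reserved on /'
```

On a two-socket machine, a line naming node1 means a run that spans both sockets needs a reservation there first, for example with reserve_hugepages node1 512 2048kB as root.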
./build/ndpiReader.dpdk -c 3ff -n 1 -s 20
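It seems that the -s 20 duration no longer takes effect. Without DPDK this option does work: when the time is up it exits and prints the analysis statistics. Here, after starting, you have to press Ctrl+C to exit before the statistics are printed.
I replayed pcap files of different protocols onto the DPDK-bound NIC, and the statistics I observed were basically correct.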
Traffic statistics:
Ethernet bytes: 1160346 (includes ethernet CRC/IFC/trailer)
Discarded bytes: 0
IP packets: 1205 of 1205 packets total
IP bytes: 1131426 (avg pkt size 938 bytes)
Unique flows: 8
TCP Packets: 1192
UDP Packets: 3
VLAN Packets: 0
MPLS Packets: 0
PPPoE Packets: 0
Fragmented Packets: 0
Max Packet size: 1472
Packet Len < 64: 459
Packet Len 64-128: 12
Packet Len 128-256: 0
Packet Len 256-1024: 5
Packet Len 1024-1500: 729
Packet Len > 1500: 0
nDPI throughput: 56.30 pps / 423.56 Kb/sec
Analysis begin: 29/Dec/2021 14:46:12
Analysis end: 29/Dec/2021 14:46:31
Traffic throughput: 62.65 pps / 471.35 Kb/sec
Traffic duration: 19.233 sec
Guessed flow protos: 1
DPI Packets (TCP): 97 (32.33 pkts/flow)
DPI Packets (UDP): 1 (1.00 pkts/flow)
DPI Packets (other): 4 (1.00 pkts/flow)
Detected protocols:
Unknown packets: 1115 bytes: 1122198 flows: 1
FTP_CONTROL packets: 68 bytes: 5571 flows: 1
DHCP packets: 3 bytes: 1026 flows: 1
ICMPV6 packets: 10 bytes: 812 flows: 4
FTP_DATA packets: 9 bytes: 1819 flows: 1