What is this? #
The Inlab Networks PCAP-Suite is an XDP accelerated set of tools which allows to capture, control and record Layer2 traffic at rates up to 400GbE.
The PCAP-Suite is our packet capture reference implementation in terms of speed, flexibility, precision and reliability.
It consists of the following programs:
ixdp
#
- XDP zero-copy ring management with scalable number of concurrent threads
- RPCL managed (Reverse Polish Configuration and Control Language)
- Layer2 / Ethernet metadata statistics and control
- Selective packet capture and forwarding to fast shared memory queues
- IP address queues to allow DNSBL processing
- Full nested VLAN transparency
- Built-in extended MAC vendor database
- Statistics export
collect
#
- Collects packets from
ixdpfed SHM queues - Writes standard PCAP format to a file or stdout
- Operates on SHM queues (instead of NICs)
- what’s actually in a particular SHM queue is determined
by the
ixdpconfiguration and Layer2 metadata
harvest
#
- Collects (harvestes) packets from the
ixdpfed SHM queues - Manages and fills a directory with PCAP files following the configured retention and filename parameters
- RPCL controlled, multiple background instances in parallel
idnsbl
#
- Collects IP addresses from
ixdpfed IPaddr queues - Resolves and checks a configurable set of DNSBL resources
- Feeds the results back to
ixdpwhich updates its in-memory block and allow-lists - RPCL controlled
control
#
- generic frontend to connect interactively to the CLI of background processes