Steps for Multi-Mirror Image Traffic Aggregation and Replication in Linux

In Linux system operation, abnormal traffic and other issues are encountered during security monitoring and testing, which requires multi-way mirroring traffic on the Linux kernel. Aggregation and replication are handled, so how do you do this? Let's learn together with Xiaobian.

architecture

kernel module process is relatively simple, the forwarding configuration from user mode to kernel modules, such as & rdquo; eth1 @ eth2_eth1 @ eth3_eth1 /eth4 @ eth5 & ldquo ;, this The configuration is:

Traffic from eth1, copied to eth2 and eth3

Traffic from eth1 and eth4, aggregated to eth5

MIRROR kernel module, only need to implement Parameter reading, configuration analysis, network card judgment (source, purpose) can be.

algorithm code implements

Parameter Input

is the function code, such as the aforementioned & ldquo; eth1 @ eth2_eth1 @ eth3_eth1 /eth4 @ Eth5“ Such parameters are split according to ”_”, submitted to the parameter setting function in stages, <;option_setup>;

Parameter setting
Previous123Next page Total 3 pages