xdptap - XDP based Network Monitor and TAP

 

What is this? #

xdptap is an Linux XDP based network analysis and monitoring tool which allows to obtain insight and to record selected (or all) traffic for further analysis and evaluation.

Linux XDP in zero-copy mode allows packet processing at wire-speed up to 100GbE full duplex with specific drivers.

Features and Use Cases #

  • Network traffic insight and statistics at Layer 2

    xdptap provides Layer 2 insight and statistics with VLAN nesting.

  • Realtime traffic recording

    xdptap allows to record traffic in PCAP format with selectable properties at Layer 2.

  • Fault injection

    xdptap allows to inject faults for selectable traffic at configurable probabilities.

The xdptap Modes of Operation #

xdptap operates in one of the following operational modes:

  • Mirroring Mode (sometimes called SPAN - Switch Port ANalyser - mode): In this case xdptap is connected with a single NIC to a port on a switch which has been configured as a mirroring port. Packets are solely being read, no packets are being injected.

  • Bridging Mode: In this mode xdptap acts as a transparent networking bridge between both sides. This adds a small additional latency and jitter, but the presence of an inserted xdptap remains practically undetectable. This mode alllows fault injection simulating a defective link for protocol and application robustness testing and other purposes.

Technical Data #

  • Multithreading with up to 8 threads in busy polling XDP mode, where one thread is controlling its associated queue. One single packet processing thread is fully sufficient to handle 10GbE in bridging mode at wire speed.

  • MAC address RX statistics for each interface with direct vendor information and identification of locally administered MAC addresses (LAA).

  • Ethertype statistics with VLAN nesting up to 4 levels (0x8100 802.1q and 0x88a8 QinQ 802.1ad).

  • The CLI is driven by the Reverse Polish Configuration (and Control) Language RPCL. RPCL is a minimalistic configuration and control language, initially designed to act as a CLI for daemon-like networking background processes.

  • Fault injection in bridging mode simulates a defective link for protocol and application robustness testing. The following fault probabilities are adjustable at runtime for all or a configurable set of MAC addresses:

    • Probability of packet loss
    • Probability of packet content corruption
    • Probability of packet duplication

  • A shared memory packet queue allows to collect packets without affecting XDP packet processing performance.

More Information #

For latest information see the available xdptap tagged posts: /tags/xdptap/

Any legal considerations are outside the scope of xdptap and outside the responsibility of Inlab Networks. We recommend to always obtain legal advice in questionable use cases.

xdptap Project Status and Release Date #

A final public release date has not yet been fixed. Please contact us for prior access and NDA conditions.