A high-performance software solution for packet capture and transmission

With rapidly growing the network bandwidth to multi-gigabits, the need for high-performance and wire-speed network security tools, such as network intrusion detection systems (NIDS), is vital. Instead of using proprietary custom network adapters, there are some flexible software solutions, such as nCap or DMA ring, which can be used with low-cost commercial network adapter products. In this paper we introduce a new solution, called DashCap, for high-speed packet reception and transmission. This solution proposes multi-core aware features, such as load-balancing incoming traffic among multiple processes or threads, which are not offered in the existing solutions. Using the proposed solution, it is possible to design and implement high-performance multi-threaded NIDSs or application-layer firewalls completely in user space and with better utilization of computational resources of multi-processor/multi-core systems.