PANDA open source project

PANDA (Protocol And Network Datapath Acceleration)

Protocol and Network Datapath Acceleration, or PANDA, is a software programming model, framework, set of libraries, and an API used to program serial data processing. In networking, PANDA is applied to optimize packet and protocol processing.

The inaugural sub-feature of PANDA is the PANDA Parser. The PANDA Parser is a framework and API for programming protocol parser pipelines. Protocol parsing is a fundamental operation in network processing and is best programmed via a declarative representation instead of a traditional imperative representation via a sequence of instructions. In PANDA, a parser is defined by a set of data structures and embedded functions that instantiate a customizable parse graph for a particular use case. The PANDA Parser is described here.
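The declarative idea above, as an added C example that is not PANDA code and does not use the PANDA API: the parse graph is a table of nodes and edges (all names hypothetical), and one generic walker applies the length checks while extracting addresses and ports. It assumes untagged Ethernet II frames carrying IPv4.

```c
#include <stddef.h>
#include <stdint.h>

/* Added illustration: hypothetical names, not the PANDA API. */
struct meta { uint32_t saddr, daddr; uint16_t sport, dport; uint8_t proto; };
struct edge { int key; const struct node *next; };
struct node {
    size_t min_len;                              /* fixed header bytes required */
    size_t (*hdr_len)(const uint8_t *h);         /* NULL: length is min_len */
    int (*next_key)(const uint8_t *h);           /* NULL: leaf node */
    void (*extract)(const uint8_t *h, struct meta *m);
    const struct edge *edges; size_t n_edges;
};
static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t be32(const uint8_t *p) { return (uint32_t)be16(p) << 16 | be16(p + 2); }
static int eth_key(const uint8_t *h) { return be16(h + 12); }
static size_t ip_len(const uint8_t *h) { return (size_t)(h[0] & 0x0f) * 4; }
/* Non-first fragments carry no L4 header, so they match no edge. */
static int ip_key(const uint8_t *h)
{ return (h[0] >> 4) == 4 && !(be16(h + 6) & 0x1fff) ? h[9] : -1; }
static void ip_meta(const uint8_t *h, struct meta *m)
{ m->saddr = be32(h + 12); m->daddr = be32(h + 16); m->proto = h[9]; }
static void l4_meta(const uint8_t *h, struct meta *m)
{ m->sport = be16(h); m->dport = be16(h + 2); }

/* The parse graph itself is data: Ethernet -> IPv4 -> TCP | UDP. */
static const struct node tcp = { 20, NULL, NULL, l4_meta, NULL, 0 };
static const struct node udp = { 8, NULL, NULL, l4_meta, NULL, 0 };
static const struct edge ip_edges[] = { { 6, &tcp }, { 17, &udp } };
static const struct node ipv4 = { 20, ip_len, ip_key, ip_meta, ip_edges, 2 };
static const struct edge eth_edges[] = { { 0x0800, &ipv4 } };
static const struct node ether = { 14, NULL, eth_key, NULL, eth_edges, 1 };

/* Walk the graph from the Ethernet node: 0 = reached a leaf, -1 = rejected. */
int parse(const uint8_t *pkt, size_t len, struct meta *m)
{
    const struct node *n = &ether;
    *m = (struct meta){0};
    for (;;) {
        if (len < n->min_len) return -1;             /* truncated fixed header */
        size_t hl = n->hdr_len ? n->hdr_len(pkt) : n->min_len;
        if (hl < n->min_len || hl > len) return -1;  /* bad or truncated length */
        if (n->extract) n->extract(pkt, m);
        if (!n->next_key) return 0;
        int key = n->next_key(pkt);
        const struct node *next = NULL;
        for (size_t i = 0; i < n->n_edges; i++)
            if (n->edges[i].key == key) next = n->edges[i].next;
        if (!next) return -1;                        /* no edge for this protocol */
        pkt += hl; len -= hl; n = next;
    }
}
```

Supporting another protocol means adding a node and an edge to the tables; the walker and its length checks stay unchanged.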

Description

This repository contains the code base for the PANDA project. The PANDA code is composed of a number of C libraries, include files for the API, test code, and sample code.

There are four libraries:

  • panda: the main library that implements the PANDA programming model and the PANDA Parser
  • siphash: a port of the siphash functions to userspace
  • flowdis: contains a port of the kernel flow dissector to userspace
  • parselite: a simple handwritten parser for evaluation

Directory structure

The top level directories are:

  • src: contains source code for libraries, the PANDA API, and test code
  • samples: contains standalone example applications that use the PANDA API
  • documentation: contains documentation for PANDA

The subdirectories of src are:

  • lib: contains the code for the PANDA libraries. The lib directory has subdirectories:

    • panda: The main PANDA library
    • flowdis: Flow dissector library
    • parselite: A very lightweight parser
    • siphash: Port of siphash library to userspace
  • include: contains the include files of the PANDA API. The include directory has subdirectories:

    • panda: General utility functions, header files, and API for the PANDA library
    • flowdis: Header files for the flowdis library
    • parselite: Header files for the parselite library
    • siphash: Header files for the siphash library
    • uapi: "User API" header files. These are a set of C headers that may be used when compiling against an older glibc or kernel version that lacks some definitions PANDA needs and that are present in later versions of glibc or the kernel. For use of these header files, see the notes for building below.

    For usage of the flowdis, parselite, and siphash libraries, see the include files in the corresponding directory of the library. For panda, see the include files in the panda include directory as well as the PANDA parser document.

  • test: contains related tests for PANDA. Subdirectory is:

    • parser: contains code and scripts for testing the PANDA parser, flowdis parser, and parselite parsers

The subdirectories of samples are:

  • simple_parser: Standalone example of a minimal functionality parser

Building

Building of the main libraries and code is performed by doing make in the src directory:

cd src

./configure

make

The compiled libraries, header files, and binaries may be installed in a specified directory:

make INSTALLDIR=$MYINSTALLDIR install

To get verbose output from make add V=1 to the command line. To include the uapi files use UAPI=1 (see note below). For example,

make INSTALLDIR=$MYINSTALLDIR V=1 UAPI=1 install

builds with verbose output from make, includes the uapi files, and installs the target files in the given install directory (set in MYINSTALLDIR).

Note that the uapi files (i.e. build with UAPI=1) should preferably be included only if the build system does not have up to date header files (this can happen with an older version of glibc or older kernel version). It is recommended to try building without the uapi includes and if that fails then try including the uapi files (if the glibc or kernel includes are out of date then compilation will likely fail with a number of errors for undefined names).

Basic validation testing

To perform basic validation of the parser do

cd src/test/parser

./run-tests.sh

The output should show the parsers being run with no reported diffs or other errors.

For more information please see testing.

Sample standalone parsers

samples/simple_parser contains two examples of code for a very simple parser that extracts IP addresses and port numbers from UDP and TCP packets and prints the information as well as a tuple hash. There are two variants, parser_tmpl that uses metadata templates and parser_notmpl that does not use metadata templates (see PANDA Parser document for description of metadata templates and their usage).

To build the simple_parser examples:

cd samples/simple_parser

make ROOTDIR=$MYINSTALLDIR

where MYINSTALLDIR is the path to the directory in which the target files were installed when building PANDA.

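The parser binaries load the siphash and panda shared libraries at run time. Please set LD_LIBRARY_PATH to include the lib directory of the directory where the PANDA files were installed. Assuming that MYINSTALLDIR contains the path to the directory in which PANDA was installed, the library path could be set by:

export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$MYINSTALLDIR/lib"

The ${LD_LIBRARY_PATH:+...} form avoids a leading empty entry when LD_LIBRARY_PATH was previously unset; the dynamic loader treats an empty entry as the current working directory, so libraries could otherwise be loaded from wherever the binary is run.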

The executables are parser_tmpl and parser_notmpl. They both take one command line argument that is a pcap file. For example:

./parser_tmpl test.pcap

and

./parser_notmpl test.pcap

The output prints the IP address and port numbers for each packet, the TCP timestamps if found in the options of a TCP packet, and the computed tuple hash. For the same pcap file, parser_tmpl and parser_notmpl should produce identical output.

If the build fails, the uapi include files may be used by doing make UAPI=1. The uapi include files are not installed as part of building PANDA, so a relative path to the uapi source include files is set up by the Makefile (../../src/include/uapi). Note that this assumes that make is being run from the simple_parser directory.

Comments
  • Congratulations for starting this project!

    Congratulations for starting this project!

    That's amazing to see this idea becoming a reality. Thank you for that!

    How can we help? Is there a roadmap, a list of priorities or simple tasks to contribute?

    opened by tmonjalo 0