The Future of Network Analysis Tools at Politecnico di Torino

1
The Future of Network Analysis Tools at
Politecnico di Torino
  • The NetBee Project
  • Fulvio Risso (fulvio.risso_at_polito.it)

2
WinPcap
  • Currently, one of the most widely used packet
    capture libraries
  • Many problems
  • Extensibility
  • Managing and coordinating the efforts of the
    developers
  • Difficulties of implementing Architectural Changes

3
Problems: Extensibility
  • Extensibility to other applications
  • The processing engine (BPF) is rather limited
  • Old-style API that makes creating new functions
    a pain
  • Widely used
  • You cannot change an existing API because of
    backward compatibility

4
Problems: Coordinating the efforts
  • Coordinating the efforts of the maintainers /
    users
  • Too many (conflicting) interests from the
    industry
  • They often do not want innovations; they simply
    need something that works
  • Too many people behind it
  • You cannot do anything without large consensus,
    e.g. remote capture
  • Too many people that know what and how to do,
    too few that do
  • Often a new feature is not implemented because of
    too many requirements coming from different
    people
  • Some volunteers that may be available to
    implement a minimal set of functionalities go away

5
Problems: Architectural Changes
  • Currently, more than 10 different operating
    systems are supported
  • Do we really want to support them all?
  • E.g. one-copy buffering, kernel functionalities,
    etc.

6
NetBee
  • NetBee aims to be a new library, created from
    scratch with the following objectives in mind:
  • Modern software architecture (object oriented)
  • Extensibility
  • Performance
  • State of the art packet processing mechanism (the
    NetVM)
  • Extensible Protocol Database (NetPDL)

7
What NetBee...
  • Is
  • A set of components for packet manipulation
  • Is not
  • An extendible router architecture, à la Click
    (MIT)

8
NetBee components
  • NetBee is made of small modules that perform
    simple and specific tasks
  • Simple components can be linked together to
    perform complex tasks
  • Complex components like a forwarding engine are
    out of scope
  • NetBee wants to help solve simple tasks, not
    to become a general architecture
  • Performance problems
  • NetBee can be used by components that manage
    packets (e.g. NAT, firewalls, forwarding engines,
    etc)

9
The NetBee Library: Control Path
  • Applications: NAT, Firewall, IDS, Traffic Monitor,
    L4/7 Switches, Access List, L3 forwarding,
    Packet Capture, ..., Protocol Visualizer (GUI)
  • NetBee API: Packet Filter, Packet Decoder,
    Stream Reassembler, Traffic statistics,
    Packet Fields Extractor, ...
  • NetVM and NetPDL Protocol database (NetBee)

10
The NetBee Library: Data Path
  • Input Handlers (push or pull): File, Local NIC,
    Remote NIC, User application
  • Output Handlers (push or pull): File, Local NIC,
    Remote NIC, User application
  • NetBee sits between the input and output handlers
  • Data exchanged: Packets, Decoded packets,
    Statistics, Protocol field values, ...

11
Network Protocol Description Language
  • NetPDL language for describing protocol headers
  • Simple and (rather) intuitive
  • XML-based
  • Support powerful primitives (loop, switch, case,
    if)
  • Describes also tough protocols (IPv6 and
    extensions headers, etc)
  • Embedded within the library
  • Protocol Database shared among all the
    applications that are based on NetBee
  • Allows adding / modifying protocol definitions
    without recompiling the application
  • Support for most of the TCP/IP protocols

12
NetPDL example
Extensibility: these are visualization extensions
Very simple and intuitive
    <proto name="Ethernet" showname="Ethernet 802.3">
      <fields>
        <fixed name="dst" showname="MAC Destination"
               size="byte" vector="6" showtype="hex"
               showgrp="3" showsep="-" />
        <fixed name="src" showname="MAC Source"
               size="byte" vector="6" showtype="hex"
               showgrp="3" showsep="-" />
        <fixed name="type-length" showname="Ethertype - Length"
               size="short" showtype="hex"/>
      </fields>
      <nextproto>
        <switch fieldref="type-length">
          <case value="2048" protoref="IP"/>
          <case value="2054" protoref="ARP"/>
        </switch>
      </nextproto>
    </proto>
Header format
Protocol encapsulation
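
An added example, not part of the original slides or of the NetBee code base: a Python interpreter for the Ethernet description on this slide that decodes a constructed frame, applies the visualization attributes, and follows the nextproto switch. The byte widths given to size="byte" and size="short", the reading of vector as an element count, and the reading of showgrp/showsep as bytes per display group and separator are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Ethernet description from the slide, written as well-formed XML.
NETPDL = """
<proto name="Ethernet" showname="Ethernet 802.3">
  <fields>
    <fixed name="dst" showname="MAC Destination" size="byte" vector="6" showtype="hex" showgrp="3" showsep="-"/>
    <fixed name="src" showname="MAC Source" size="byte" vector="6" showtype="hex" showgrp="3" showsep="-"/>
    <fixed name="type-length" showname="Ethertype - Length" size="short" showtype="hex"/>
  </fields>
  <nextproto>
    <switch fieldref="type-length">
      <case value="2048" protoref="IP"/>
      <case value="2054" protoref="ARP"/>
    </switch>
  </nextproto>
</proto>
"""

SIZES = {"byte": 1, "short": 2}  # assumed meaning of the size attribute

def decode(frame, netpdl=NETPDL):
    """Return (display fields, next protocol name or None, payload offset)."""
    proto = ET.fromstring(netpdl)
    fields, raw, off = {}, {}, 0
    for f in proto.find("fields"):
        n = SIZES[f.get("size")] * int(f.get("vector", "1"))
        if off + n > len(frame):  # never read past a truncated frame
            raise ValueError(f"frame too short for field {f.get('name')!r}")
        chunk = frame[off:off + n]
        raw[f.get("name")] = int.from_bytes(chunk, "big")
        grp = int(f.get("showgrp", n))  # assumed: bytes per display group
        parts = [chunk[i:i + grp].hex() for i in range(0, n, grp)]
        fields[f.get("showname")] = f.get("showsep", "").join(parts)
        off += n
    nxt = None  # stays None when no <case> matches the field value
    sw = proto.find("nextproto/switch")
    for case in sw.findall("case"):
        if int(case.get("value")) == raw[sw.get("fieldref")]:
            nxt = case.get("protoref")
    return fields, nxt, off

# Constructed sample frame: broadcast ARP header plus two payload bytes.
SAMPLE = bytes.fromhex("ffffffffffff" "001122334455" "0806" "0001")

if __name__ == "__main__":
    print(decode(SAMPLE))
```

Adding a protocol here means adding a `<case>` line to the description, with no change to `decode`, which is the point the slide makes about not recompiling the application.
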
13
Network Processing Virtual Machine
  • NetVM with NetPE1 (e.g. filtering) and
    NetPE2 (e.g. statistics)
  • Labels in each NetPE: Local PU, Local Memory,
    Exchange Buffer 2, Input Port, Output Port,
    Exchange Port
  • IN, OUT
  • NetVM internal communication bus
  • General Purpose CPU, Classification coprocessor,
    Crypto coprocessor, CRC coprocessor,
    Shared Memory, ...

14
Network Processing Element
  • NetPE: Local Processing Unit,
    NetPE internal communication bus
  • Components: Code Memory, Data Memory,
    Exchange Buffer, Evaluation Stack, Connection Table
  • Registers: PC (program counter),
    CSL (code segment length),
    DSL (data segment length),
    EBL (exchange buffer length),
    CTL (connection table length), SP (stack pointer)

15
NetBee: putting the pieces together
Traffic Monitor
NetBee API
Output Handler
NetBee
Input Handler
16
Conclusions
  • NetBee
  • New generation packet (manipulation, handling,
    etc.) library
  • Some functionalities exist right now
  • Packet Decoding
  • NetPDL
  • NetVM (rather primitive)
  • Still work in progress
  • Both users and developers wanted