
Packet filtering in Lua

pflua

pflua is a high-performance network packet filtering library written in Lua. It supports filters written in pflang, the filter language of the popular tcpdump tool. It's really fast: to our knowledge, it's the fastest pflang implementation out there, by a wide margin. Read on for more details.

Getting started

$ git clone --recursive https://github.com/Igalia/pflua.git
$ cd pflua; make             # Builds embedded LuaJIT
$ make check                 # Run builtin basic tests

Using pflua

Pflua is a library; you need an application to drive it.

The simplest way to use pflua is to filter packets from a capture file produced by tcpdump. For example:

$ cd tools
$ ../deps/luajit/usr/local/bin/luajit pflua-filter \
    ../tests/data/v4.pcap /tmp/foo.pcap "ip"
Filtered 43/43 packets from ../tests/data/v4.pcap to /tmp/foo.pcap.

See the source of pflua-filter for more information.

Pflua was made to be integrated into the Snabb Switch user-space networking toolkit, also written in Lua. A common deployment environment for Snabb is within the host virtual machine of a virtualized server, with Snabb having CPU affinity and complete control over a high-performance 10Gbit NIC, which it then routes to guest VMs. The administrator of such an environment might want to apply filters on the kinds of traffic passing into and out of the guests. To this end, we plan on integrating pflua into Snabb so as to provide a pleasant, expressive, high-performance filtering facility.

Given its high performance, it is also reasonable to deploy pflua on gateway routers and load-balancers, within virtualized networking appliances.

Implementation

Pflua can compile pflang filters in two ways.

The default compilation pipeline is pure Lua. First, a custom parser produces a high-level AST of a pflang filter expression. This AST is lowered to a primitive AST, with a limited set of operators and ways in which they can be combined. This representation is then exhaustively optimized, folding constants and tests, inferring ranges of expressions and packet offset values, hoisting assertions that post-dominate success continuations, etc. We then lower to A-normal form to give names to all intermediate values, perform common subexpression elimination, then inline named values that are only used once. We lower further to static single assignment (SSA) form to give names to all blocks, which allows us to perform control-flow optimizations. Finally, we residualize Lua source code, using the control flow analysis from the SSA phase.

The resulting Lua function is a predicate of two parameters: the packet as a uint8_t* pointer, and its length. If the predicate is called enough times, LuaJIT will kick in and optimize traces that run through the function. Pleasantly, this results in machine code whose structure reflects the actual packets that the filter sees, as branches that are never taken are not residualized at all.

The other compilation pipeline starts with bytecode for the Berkeley packet filter VM. Pflua can load up the libpcap library and use it to compile a pflang expression to BPF. In any case, whether you start from raw BPF or from a pflang expression, the BPF is compiled directly to Lua source code, which LuaJIT can gnaw on as it pleases.

We like the independence and optimization capabilities afforded by the native pflang pipeline. However, though pflua does a good job in implementing pflang, it is inevitable that there may be bugs or differences of implementation relative to what libpcap does. For that reason, the libpcap-to-bytecode pipeline can be a useful alternative in some cases.

See the doc subdirectory for some examples of the Lua code generated for some simple pflang filters using these two pipelines.

Performance

To our knowledge, pflua is the fastest implementation of pflang out there. See https://github.com/Igalia/pflua-bench for our benchmarking experiments and results.

Pflua can beat other implementations because:

  • LuaJIT trace compilation results in machine code that reflects the actual traffic that your application sees

  • Pflua can hoist and eliminate bounds checks, whereas BPF is obligated to check that every packet access is valid

  • Pflua can work on data in network byte order, whereas BPF must convert to host byte order

  • Pflua takes advantage of LuaJIT's register allocator and excellent optimizing compiler, whereas e.g. the Linux kernel JIT has a limited optimizer
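
The bounds-check and byte-order points above, as a hand-written LuaJIT example added here (it is not output from pflua or code from the project). The filter "ip proto 6" over Ethernet, the function names and the sample frame are assumptions made for the illustration.

```lua
-- Added example: hand-written, not code generated by pflua. Requires LuaJIT.
local ffi = require("ffi")
local bit = require("bit")

-- BPF-style load: every access is bounds-checked and converted from
-- network to host byte order before it is compared.
local function load_u16(P, length, off)
   if off + 2 > length then return nil end
   return bit.bor(bit.lshift(P[off], 8), P[off + 1])
end

-- "ip proto 6" on Ethernet, one check per access.
local function match_checked(P, length)
   if load_u16(P, length, 12) ~= 0x0800 then return false end
   if 23 >= length then return false end
   return P[23] == 6
end

-- Same filter with the bounds check hoisted: the only path to "true" reads
-- offset 23, so one length test up front covers every later access.
-- The EtherType constant is pre-swapped at load time, so the packet bytes
-- are compared as they sit in memory (network byte order).
local IPV4_NET = ffi.abi("le") and 0x0008 or 0x0800
local function match_hoisted(P, length)
   if length < 24 then return false end
   if ffi.cast("uint16_t*", P + 12)[0] ~= IPV4_NET then return false end
   return P[23] == 6
end

-- Constructed 64-byte frame (not a real capture): IPv4 EtherType, protocol TCP.
local pkt = ffi.new("uint8_t[?]", 64)
pkt[12], pkt[13], pkt[23] = 0x08, 0x00, 6

for _, pred in ipairs({ match_checked, match_hoisted }) do
   assert(pred(pkt, 64) == true)    -- full frame matches
   assert(pred(pkt, 20) == false)   -- truncated before the protocol byte
   assert(pred(pkt, 13) == false)   -- truncated inside the EtherType
end
pkt[13] = 0x06                      -- EtherType 0x0806 (ARP)
assert(match_checked(pkt, 64) == false and match_hoisted(pkt, 64) == false)
```

Both predicates give the same verdict on every input, including truncated frames; the hoisted form is safe only because the single length test runs before any packet byte is read.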

API documentation

None yet. See pf.lua for the high-level compile_filter interface.

Bugs

Check our issue tracker for known bugs, and please file a bug if you find one. Cheers :)

Authors

Pflua was written by Katerina Barone-Adesi, Andy Wingo, Diego Pino, and Javier Muñoz at Igalia, S.L., as well as Peter Melnichenko. Development of pflua was supported by Luke Gorrie at Snabb GmbH, purveyors of fine networking solutions. Thanks, Snabb!

Feedback is very welcome! If you are interested in pflua in a Snabb context, probably the best thing is to post a message to the snabb-devel group. Or, if you like, you can contact Andy directly at [email protected]. If you have a problem that pflua can help solve, let us know!
