User-space programs need to insert map entries according to the pcap file #8

Open
QiongwenXu opened this issue May 26, 2023 · 1 comment
Collaborator

QiongwenXu commented May 26, 2023

The user-space program needs to initialize the map for some benchmarks, and map entries sometimes need to be read from the packet traces if <key, value> depends on packets, e.g., srcblocklist (key: srcip, value: # of packets that match the key) in the DDoS mitigator. We need to read all src IPs used in the packet trace and insert all <srcip, 0> pairs (srcips are from the packet trace) into the srcblocklist map.

Steps:

  • process the packet trace and produce a file which contains a list of map entry information, such as src IPs for srcblocklist
  • the user-space program reads the map entry information from the input file and inserts the entries
@QiongwenXu QiongwenXu changed the title User-space programs need to read map entries from an input file User-space programs need to read map entries from the packet file May 26, 2023
@QiongwenXu QiongwenXu changed the title User-space programs need to read map entries from the packet file User-space programs need to read map entries from the pcap file May 26, 2023
@QiongwenXu QiongwenXu changed the title User-space programs need to read map entries from the pcap file User-space programs need to insert map entries according to the pcap file May 26, 2023
@sebymiano sebymiano self-assigned this Jun 7, 2023
Collaborator

sebymiano commented Jun 8, 2023

I developed the necessary scripts to do this.
All the scripts are available in this repository pcap-utils.

  1. Trace preparation: The first thing to do is to pre-process the pcap trace in order to extract all the information we need.
    For this I developed this script that reads a pcap file and creates a Pandas DataFrame containing most of the information required.
    The instructions on how to run this are available here.
    This tool will create a .pkl file that is a compressed version of the Pandas DataFrame we created.
    I tested with very large pcap files (i.e., the CAIDA traces) and it takes ~5 min to generate the trace, since it uses several tricks to split the analysis across multiple processes, and eventually combine the results into a single Pandas DataFrame.

  2. Insert entries in BPF map: For the insertion of the map entries we need the libcuckoo userspace library developed here.
    To make it work with Python, I created a Python wrapper that loads the library from the shared object and, using Python ctypes, calls the corresponding C functions.
    I developed an example that can be used for the DDoS use case, the source code can be found here.
    This script loads the generated .pkl file from step n.1, gets the list of unique IPs in the trace, and eventually inserts those IPs into a map specified via the id parameter.

Further instructions on how to use these libraries are available here.
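
The two steps discussed in this issue, as an added example that is not code from pcap-utils or from either commenter: it extracts the unique IPv4 source addresses from a classic pcap and renders the `<srcip, 0>` entries as `bpftool map update` commands. Assumptions: Ethernet link type, a plain BPF hash map keyed by the raw 4-byte `saddr` with an 8-byte zero counter as value (the libcuckoo wrapper is not used), and all function names are hypothetical.

```python
import socket
import struct

# Classic pcap magic (microsecond / nanosecond variants) -> struct byte-order prefix
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
         b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def unique_src_ips(pcap):
    """Distinct IPv4 source addresses (4 bytes, network order), first-seen order."""
    order = MAGIC.get(pcap[:4])
    if order is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    (linktype,) = struct.unpack_from(order + "I", pcap, 20)
    if linktype != 1:  # 1 = LINKTYPE_ETHERNET
        raise ValueError(f"unsupported link type {linktype}")
    seen, off = {}, 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(order + "I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Skip truncated frames and anything that is not IPv4 over Ethernet
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
            continue
        seen.setdefault(frame[26:30], None)
    return list(seen)

def map_entries(src_ips, value_size=8):
    """<srcip, 0> pairs as raw bytes; value_size=8 (u64 counter) is an assumption."""
    return [(ip, bytes(value_size)) for ip in src_ips]

def bpftool_commands(entries, map_id):
    """Render each entry as a `bpftool map update` command line."""
    hx = lambda b: " ".join(f"{x:02x}" for x in b)
    return [f"bpftool map update id {map_id} key hex {hx(k)} value hex {hx(v)}"
            for k, v in entries]

def constructed_pcap(src_ips):
    """Constructed sample: one Ethernet/IPv4 frame per address plus one ARP frame."""
    frames = [bytes(12) + b"\x08\x06" + bytes(28)]
    for ip in src_ips:
        hdr = b"\x45\x00\x00\x14" + bytes(4) + b"\x40\x11\x00\x00"
        frames.append(bytes(12) + b"\x08\x00" + hdr
                      + socket.inet_aton(ip) + socket.inet_aton("198.51.100.1"))
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

Pre-populating every source seen in the trace with a zero counter only makes sense for benchmarking; the key and value sizes must match the map definition in the BPF program being tested.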
