[P4-dev] parsing packets p4
vladimir.gurevich at barefootnetworks.com
Mon Jul 17 13:39:01 EDT 2017
The notion of a packet header and payload in P4 is much more general and
flexible than what is dictated by most standard networking protocol
specifications. In P4 you write your own parser control that extracts
headers and whatever it doesn't extract is a payload by definition. So, it
is up to you, the P4 programmer, to decide how deeply you want to parse a
packet. If you want to look into the packet way beyond standard L3/L4
headers (something that people typically call "payload"), all you need to
do is to extend your parser program to go beyond those.
While P4 language itself is powerful enough to parse anything (provided
that you have no limitations in the amount of memory available to the
parser and the amount of time you want the packet to spend in there), most
practical P4 implementations will impose severe limits on what you can do.
For example, just recently we discussed on this list that parsing
string-oriented application layer protocols (e.g. HTTP), especially carried
using stream-based protocols such as TCP will not be practical in most
On Sun, Jul 16, 2017 at 4:59 AM, Mostafa Abdallah. Ammar <
mostafaammar at aast.edu> wrote:
> Dear All,
> I was working on a project to detect advanced persistent threats by
> analyzing network traffic. We used module on SDN controller and forward
> traffic from switch to controller to analyze it for possible threats inside
> the traffic.
> I checked P4 language it parses the packet headers and can change or
> redirect traffic according to the parsed headers.
> Is there a possible way using P4 language to search for possible traffic
> patterns within packets.
> Best Regards,
> Eng. Mostafa Abdallah Ammar,Msc.
> Information Security and Auditing Supervisor
> CCIE security #23971
> Arab Academy For Science And Technology & maritime Transport
> Computer Networks & Data Center (CNDC)
> Mobile: 002 01001983674
> P4-dev mailing list
> P4-dev at lists.p4.org
*Technical Lead, Customer Engineering*
Email: vag at barefootnetworks.com
Phone: (408) 833-4505
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the P4-dev