pfq-lang (Spec 0.1)

Safe HaskellNone

Network.PFQ.Lang.Default

Contents

Synopsis

Predicates

Collection of predicates used in conditional expressions.

is_ip :: NetPredicate #

Evaluate to True if the Qbuff is an IPv4 packet.

is_udp :: NetPredicate #

Evaluate to True if the Qbuff is an UDP packet.

is_tcp :: NetPredicate #

Evaluate to True if the Qbuff is a TCP packet.

is_icmp :: NetPredicate #

Evaluate to True if the Qbuff is an ICMP packet.

is_flow :: NetPredicate #

Evaluate to True if the Qbuff is an UDP or TCP packet.

is_l3_proto :: Word16 -> NetPredicate #

Evaluate to True if the Qbuff has the given Layer3 protocol.

is_l4_proto :: Word8 -> NetPredicate #

Evaluate to True if the Qbuff has the given Layer4 protocol.

is_frag :: NetPredicate #

Evaluate to True if the Qbuff is a TCP fragment.

is_first_frag :: NetPredicate #

Evaluate to True if the Qbuff is the first TCP fragment.

is_more_frag :: NetPredicate #

Evaluate to True if the Qbuff is a TCP fragment, but the first.

is_rtp :: NetPredicate #

Evaluate to True if the Qbuff is a RTP packet.

is_rtcp :: NetPredicate #

Evaluate to True if the Qbuff is a RTCP packet.

is_sip :: NetPredicate #

Evaluate to True if the Qbuff is a SIP packet.

is_voip :: NetPredicate #

Evaluate to True if the Qbuff is a VoIP packet (RTP|RTCP|SIP).

has_port :: Word16 -> NetPredicate #

Evaluate to True if the Qbuff has the given source or destination port.

If the transport protocol is not present or has no port, the predicate evaluates to False.

has_port 80

has_src_port :: Word16 -> NetPredicate #

Evaluate to True if the Qbuff has the given source port.

If the transport protocol is not present or has no port, the predicate evaluates to False.

has_dst_port :: Word16 -> NetPredicate #

Evaluate to True if the Qbuff has the given destination port.

If the transport protocol is not present or has no port, the predicate evaluates to False.

has_addr :: CIDR -> NetPredicate #

Evaluate to True if the source or destination IP address matches the given network address. I.e.,

has_addr "192.168.0.0/24"
has_addr (CIDR ("192.168.0.0", 24))

has_src_addr :: CIDR -> NetPredicate #

Evaluate to True if the source IP address matches the given network address.

has_dst_addr :: CIDR -> NetPredicate #

Evaluate to True if the destination IP address matches the given network address.

has_state :: Word32 -> NetPredicate #

Evaluate to True if the state of the computation is set to the given value, possibly by put_state function.

has_state 11

has_mark :: Word32 -> NetPredicate #

Evaluate to True if the Qbuff has the given mark, set by mark function.

has_mark 11

has_vlan :: NetPredicate #

Evaluate to True if the Qbuff has a vlan tag.

has_vid :: Int -> NetPredicate #

Evaluate to True if the Qbuff has the given vlan id.

has_vid 42

vlan_id :: [Int] -> NetPredicate #

Predicate which evaluates to True when the packet has one of the vlan id specified by the list. Example:

when (vland_id [1,13,42,43]) (log_msg "Got a packet!")

Properties

ip_tos :: NetProperty #

Evaluate to the tos field of the IP header.

ip_tot_len :: NetProperty #

Evaluate to the tot_len field of the IP header.

ip_id :: NetProperty #

Evaluate to the ip_id field of the IP header.

ip_frag :: NetProperty #

Evaluate to the frag field of the IP header.

ip_ttl :: NetProperty #

Evaluate to the TTL field of the IP header.

get_mark :: NetProperty #

Evaluate to the mark set by mark function. By default packets are marked with 0.

get_state :: NetProperty #

Evaluate to the state of the computation (possibly set by state function).

tcp_source :: NetProperty #

Evaluate to the source port of the TCP header.

tcp_dest :: NetProperty #

Evaluate to the destination port of the TCP header.

tcp_hdrlen :: NetProperty #

Evaluate to the length field of the TCP header.

udp_source :: NetProperty #

Evaluate to the source port of the UDP header.

udp_dest :: NetProperty #

Evaluate to the destination port of the UDP header.

udp_len :: NetProperty #

Evaluate to the length field of the UDP header.

icmp_type :: NetProperty #

Evaluate to the type field of the ICMP header.

icmp_code :: NetProperty #

Evaluate to the code field of the ICMP header.

Combinators

(.||.) :: NetPredicate -> NetPredicate -> NetPredicate infixl 5 #

Combine two predicate expressions with a specific boolean or operation.

(.&&.) :: NetPredicate -> NetPredicate -> NetPredicate infixl 7 #

Combine two predicate expressions with a specific boolean and operation.

(.^^.) :: NetPredicate -> NetPredicate -> NetPredicate infixl 6 #

Combine two predicate expressions with a specific boolean xor operation.

not :: NetPredicate -> NetPredicate #

Return a new predicate that evaluates to True, when the given one evaluates to false, and vice versa.

inv :: NetFunction -> NetFunction #

Function that inverts a monadic NetFunction. Useful to invert filters:

inv ip >-> log_msg "This is not an IPv4 Packet"

par :: NetFunction -> NetFunction -> NetFunction #

Function that returns the parallel of two monadic NetFunctions.

Logic or for monadic filters:

par udp icmp >-> log_msg "This is an UDP or ICMP Packet"

par3 :: NetFunction -> NetFunction -> NetFunction -> NetFunction #

Function that returns the parallel of n- monadic NetFunctions.

Comparators

Take a NetProperty, a value, and return a predicate that compares the values.

(.<) :: NetProperty -> Word64 -> NetPredicate infix 4 #

Return a predicate that evaluates to True, if the property is less than the given value. Example:

 when (ip_ttl .< 64) drop

(.<=) :: NetProperty -> Word64 -> NetPredicate infix 4 #

(.==) :: NetProperty -> Word64 -> NetPredicate infix 4 #

(./=) :: NetProperty -> Word64 -> NetPredicate infix 4 #

(.>) :: NetProperty -> Word64 -> NetPredicate infix 4 #

(.>=) :: NetProperty -> Word64 -> NetPredicate infix 4 #

(<.) :: Word64 -> NetProperty -> NetPredicate infix 4 #

(<=.) :: Word64 -> NetProperty -> NetPredicate infix 4 #

(==.) :: Word64 -> NetProperty -> NetPredicate infix 4 #

(/=.) :: Word64 -> NetProperty -> NetPredicate infix 4 #

(>.) :: Word64 -> NetProperty -> NetPredicate infix 4 #

(>=.) :: Word64 -> NetProperty -> NetPredicate infix 4 #

any_bit #

Arguments

:: NetProperty 
-> Word64

comparison mask

-> NetPredicate 

Return a predicate that evaluates to True, if the property has at least one bit set among those specified by the given mask.

all_bit #

Arguments

:: NetProperty 
-> Word64

comparison mask

-> NetPredicate 

Return a predicate that evaluates to True, if the property has all bits set among those specified in the given mask.

Conditionals

conditional :: NetPredicate -> NetFunction -> NetFunction -> NetFunction #

conditional execution of monadic netfunctions.

the function takes a predicate and evaluates to the first or the second expression, depending on the value returned by the predicate. Example:

conditional is_udp (forward "eth1") (forward "eth2")

when :: NetPredicate -> NetFunction -> NetFunction #

Conditional execution of monadic NetFunctions.

The function takes a predicate and evaluates to given the NetFunction when it evalutes to True, otherwise does nothing. Example:

when is_tcp (log_msg "This is a TCP Packet")

unless :: NetPredicate -> NetFunction -> NetFunction #

The reverse of "when"

Filters

A collection of monadic NetFunctions.

filter :: NetPredicate -> NetFunction #

Transform the given predicate in its counterpart monadic version. Example:

filter is_udp >-> kernel

is logically equivalent to:

udp >-> kernel

ip :: NetFunction #

Evaluate to Pass Qbuff if it is an IPv4 packet, Drop it otherwise.

udp :: NetFunction #

Evaluate to Pass Qbuff if it is an UDP packet, Drop it otherwise.

tcp :: NetFunction #

Evaluate to Pass Qbuff if it is a TCP packet, Drop it otherwise.

icmp :: NetFunction #

Evaluate to Pass Qbuff if it is an ICMP packet, Drop it otherwise.

vlan :: NetFunction #

Evaluate to Pass Qbuff if it has a vlan tag, Drop it otherwise.

l3_proto :: Word16 -> NetFunction #

Monadic version of is_l3_proto predicate.

Predicates are used in conditional expressions, while monadic functions are combined with Kleisli operator:

l3_proto 0x842 >-> log_msg "Wake-on-LAN packet!"

l4_proto :: Word8 -> NetFunction #

Monadic version of is_l4_proto predicate.

Predicates are used in conditional expressions, while monadic functions are combined with Kleisli operator:

l4_proto 89 >-> log_msg "OSFP packet!"

flow :: NetFunction #

Evaluate to Pass Qbuff if it is a TCP or UDP packet, Drop it otherwise.

rtp :: NetFunction #

Evaluate to Pass Qbuff if it is a RTP packet, Drop it otherwise.

rtcp :: NetFunction #

Evaluate to Pass Qbuff if it is a RTCP packet, Drop it otherwise.

sip :: NetFunction #

Evaluate to Pass Qbuff if it is a SIP packet, Drop it otherwise.

voip :: NetFunction #

Evaluate to Pass Qbuff if it is a VoIP packet (RTP|RTCP|SIP), Drop it otherwise.

vlan_id_filter :: [Int] -> NetFunction #

Monadic function, counterpart of vlan_id function.

no_frag :: NetFunction #

Evaluate to Pass Qbuff if it is not a fragment, Drop it otherwise.

no_more_frag :: NetFunction #

Evaluate to Pass Qbuff if it is not a fragment or if it's the first fragment, Drop it otherwise.

port :: Word16 -> NetFunction #

Monadic version of has_port predicate.

Predicates are used in conditional expressions, while monadic functions are combined with Kleisli operator:

port 80 >-> log_msg "http packet!"

src_port :: Word16 -> NetFunction #

Monadic version of has_src_port predicate.

dst_port :: Word16 -> NetFunction #

Monadic version of has_dst_port predicate.

addr :: CIDR -> NetFunction #

Monadic version of has_addr predicate.

predicates are used in conditional expressions, while monadic functions are combined with kleisli operator:

addr "192.168.0.0/24" >-> log_packet
addr (CIDR ("192.168.0.0",24)) >-> log_packet

src_addr :: CIDR -> NetFunction #

Monadic version of has_src_addr predicate.

dst_addr :: CIDR -> NetFunction #

Monadic version of has_src_addr predicate.

Steering functions

Monadic functions used to dispatch packets across sockets. They evaluate to Steer Hash Qbuff, if the packet has a certain property, Drop otherwise.

steer_rrobin :: NetFunction #

Dispatch the packet across the sockets in Round-Robin fashion.

ip >-> steer_rrobin

steer_rss :: NetFunction #

Dispatch the packet across the sockets using the RSS hash.

ip >-> steer_rss

steer_to :: Int -> NetFunction #

Dispatch the packet to a given socket with id.

ip >-> steer_to 1

steer_link :: NetFunction #

Dispatch the packet across the sockets with a randomized algorithm that guarantees physical links consistency.

steer_link

steer_local_link :: String -> NetFunction #

Dispatch the packet across the sockets with a randomized algorithm that guarantees local mac addresses consistency.

steer_local_link "4c:60:de:86:55:46"

double_steer_mac :: NetFunction #

Dispatch the packet across the sockets with a randomized algorithm that guarantees both mac addresses consistency. This alter the total amount of traffic, as the packets can be steered to at most two sockets.

double_steer_mac

steer_vlan :: NetFunction #

Dispatch the packet across the sockets with a randomized algorithm that guarantees vlan links consistency.

steer_vlan

steer_p2p :: NetFunction #

Dispatch the packet across the sockets with a randomized algorithm that guarantees IP flows consistency.

steer_p2p

double_steer_ip :: NetFunction #

Dispatch the packet across the sockets with a randomized algorithm that guarantees both IP addresses consistency. This alter the total amount of traffic (see double_steer_mac).

double_steer_ip

steer_local_ip :: CIDR -> NetFunction #

Dispatch the packet across the sockets with a randomized algorithm that guarantees local IP addresses consistency. This alter the total amount of traffic (see double_steer_mac).

steer_local_ip "192.168.1.0/24"

steer_flow :: NetFunction #

Dispatch the packet across the sockets with a randomized algorithm that guarantees TCP/UDP flows consistency.

steer_flow >-> log_msg "Steering a flow"

steer_local_net :: IPv4 -> Int -> Int -> NetFunction #

Dispatch the packet across the sockets with a randomized algorithm that guarantees sub networks consistency.

steer_local_net "192.168.0.0" 16 24

steer_field #

Arguments

:: Int

offset from the beginning of the packet, in bytes

-> Int

sizeof field in bytes (max 4)

-> NetFunction 

Dispatch the packet across the sockets with a randomized algorithm. The function uses as hash the field of size bytes taken at offset bytes from the beginning of the packet.

double_steer_field #

Arguments

:: Int

offset1 from the beginning of the packet, in bytes

-> Int

offset2 from the beginning of the packet, in bytes

-> Int

sizeof field in bytes (max 4)

-> NetFunction 

Dispatch the packet across the sockets with a randomized algorithm. The function uses as hash the xor operation of the fields of size bytes taken at offset1 and offset2 bytes from the beginning of the packet. This alter the total amount of traffic (see double_steer_mac).

steer_field_symmetric #

Arguments

:: Int

offset1 from the beginning of the packet, in bytes

-> Int

offset2 from the beginning of the packet, in bytes

-> Int

sizeof field in bytes (max 4)

-> NetFunction 

Dispatch the packet across the sockets with a randomized algorithm. The function uses as hash the xor operation of the fields of size bytes taken at offset1 and offset2 bytes from the beginning of the packet.

steer_rtp :: NetFunction #

Dispatch the packet across the sockets with a randomized algorithm that guarantees RTP/RTCP flows consistency.

steer_rtp

steer_voip :: NetFunction #

Dispatch the packet across the sockets with a randomized algorithm that guarantees RTP/RTCP flows consistency; SIP packets are broadcasted.

steer_voip

Forwarders

kernel :: NetFunction #

Send a copy of the packet to the kernel and evaluates to Pass. To avoid loop, this function is ignored for packets sniffed by the kernel.

detour :: NetFunction #

Send a copy of the packet to the kernel and evaluates to Drop. To avoid loop, this function is ignored for packets sniffed by the kernel.

broadcast :: NetFunction #

Broadcast the packet to all the sockets that have joined the group.

drop :: NetFunction #

Drop the packet. The computation evaluates to Drop.

classify :: Int -> NetFunction #

Specify the class for the given packet. The computation evaluates to Pass.

forward :: String -> NetFunction #

Forward the packet to the given device. This function is lazy, in that the action is logged and performed when the computation is completely evaluated.

forward "eth1"

forwardIO :: String -> NetFunction #

Forward the packet to the given device. This operation breaks the purity of the language, and it is possibly slower than the lazy "forward" counterpart.

forwardIO "eth1"

link :: [String] -> NetFunction #

Forward the socket buffer to the list of specified devices. Unlike forward, the buffer is not forwarded to the device from which it comes from.

link ["eth1", "eth2"]

bridge :: String -> NetFunction #

Forward the packet to the given device and evaluates to Drop. Example:

when is_udp (bridge "eth1") >-> kernel

Conditional bridge, forward the packet to eth1 if UDP, send it to the kernel otherwise.

tee :: String -> NetPredicate -> NetFunction #

Forward the packet to the given device and, evaluates to Pass Qbuff or Drop, depending on the value returned by the predicate. Example:

tee "eth1" is_udp >-> kernel

Logically equivalent to:

forward "eth1" >-> udp >-> kernel

Only a little bit more efficient.

tap :: String -> NetPredicate -> NetFunction #

Evaluate to Pass Qbuff, or forward the packet to the given device and evaluate to Drop, depending on the value returned by the predicate. Example:

tap "eth1" is_udp >-> kernel

Logically equivalent to:

unless is_udp (forward "eth1" >-> drop) >-> kernel

Only a little bit more efficient.

Logging

log_msg :: String -> NetFunction #

Log a message to syslog.

udp >-> log_msg "This is an UDP packet"

log_buff :: NetFunction #

Dump the payload of packet to syslog.

icmp >-> log_buff

log_packet :: NetFunction #

Log the packet to syslog, with a syntax similar to tcpdump.

icmp >-> log_msg "This is an ICMP packet:" >-> log_packet

Bloom Filters

bloom #

Arguments

:: Int

Hint: size of bloom filter (M)

-> [HostName]

List of Host/Network address to match

-> Int

Network prefix

-> NetPredicate 

Predicate that evaluates to True when the source or the destination address of the packet matches the ones specified by the bloom list.

The first Int argument specifies the size of the bloom filter. Example:

when (bloom 1024 ["192.168.0.13", "192.168.0.42"] 32) log_packet >-> kernel

bloom_src :: Int -> [HostName] -> Int -> NetPredicate #

Similarly to bloom, evaluates to True when the source address of the packet matches the ones specified by the bloom list.

bloom_dst :: Int -> [HostName] -> Int -> NetPredicate #

Similarly to bloom, evaluates to True when the destination address of the packet matches the ones specified by the bloom list.

bloom_filter :: Int -> [HostName] -> Int -> NetFunction #

Monadic counterpart of bloom function.

bloom_src_filter :: Int -> [HostName] -> Int -> NetFunction #

Monadic counterpart of bloom_src function.

bloom_dst_filter :: Int -> [HostName] -> Int -> NetFunction #

Monadic counterpart of bloom_dst function.

bloomCalcN :: Int -> Double -> Int #

Bloom filter: utility function that computes the optimal N, given the parameter M and the false-positive probability p.

bloomCalcM :: Int -> Double -> Int #

Bloom filter: utility function that computes the optimal M, given the parameter N and the false-positive probability p.

bloomCalcP :: Int -> Int -> Double #

Bloom filter: utility function that computes the false positive P, given N and M parameters.

Miscellaneous

unit :: NetFunction #

Unit operation implements left- and right-identity for Action monad.

inc :: Int -> NetFunction #

Increment the i-th counter of the current group.

inc 10

dec :: Int -> NetFunction #

Decrement the i-th counter of the current group.

dec 10

mark :: Word32 -> NetFunction #

Mark the packet with the given value. This function is unsafe in that it breaks the pure functional paradigm. Consider using put_state instead.

mark 42

put_state :: Word32 -> NetFunction #

Set the state of the computation to the given value.

put_state 42