Doc. Ing. Jan Kořenek, Ph.D.
Library of acceleration components for analysis of application-layer protocols on FPGA
|Authors:||Košař Vlastimil, Selecký Roman, Kořenek Jan, Fukač Tomáš|
|Licence:||required - licence fee|
|Keywords:||Network traffic analysis, Application-layer protocol analysis, FPGA, PCRE, NFA, Regular expressions matching, |
|This software package contains a library of acceleration components for analysis of application-layer protocols on FPGA. The library contains a component for header fields extraction and three components for regular expression matching in application layer data. Software for generation of afore mentioned components from configuration and software for configuration of the components during runtime is also incorporated into the library. The acceleration components are fully configurable. The components are able to operate with various data throughput from 1Gbps to more then 10Gbps.|
The component for header fields extraction (HFE-R) is generated from description in the P4 language. Structure of protocol headers, sequence of protocols and specification of extracted fields is described in the description. The component is very flexible and universal thanks to the description in the P4 language.
The library contains three components for regular expression matching. The components are divided into two categories. First category incorporates components, whose source code in VHDL is generated from set of regular expressions in PCRE format. Therefore, their set of regular expressions cannot be changed during runtime. Second category includes components which support change of the set of regular expressions during runtime.
Components PROTOCOL_IDENTIFIER and CRYPTO_PROTOCOL_IDENTIFIER belong to the first category. Those two components are designed for different use, but their pattern matching core is same. PROTOCOL_IDENTIFIER is used to determinate application layer protocol from packet L7 data. CRYPTO_PROTOCOL_IDENTIFIER is used to detect encrypted protocols. Source code is generated from set of regular expressions. Individual regular expression detection can be enabled/disabled at runtime to increase flexibility. The advantage of the components is low consumption of FPGA resources. However, the set of matched regular expressions can not be changed at runtime.
Component PATTERN_MATCH belong to the second category. The component supports change of the set of regular expressions during runtime. The component is parameterizable - maximal amount of stored regular expressions as well as required throughput. Only subset of regular expressions is supported by the component to lower consumption of FPGA resources. The component can be configured at runtime by a configuration file. The configuration file is generated by pmgen from set of regular expressions. The configuration of the unit is switched atomically in one clock cycle. Therefore, the throughput of the component is not limited by the reconfiguration. The advantage of the component is the ability to change the set of regular expressions during runtime. However, the consumption of FPGA resources is higher and only
subset of regular expressions is supported by the component.
|Software je šířen v souladu s licenční politikou projektu Sondy pro
analýzu a filtraci provozu na úrovni aplikačních protokolů, MV,