{"id":22439394,"url":"https://github.com/junka/j2depkt","last_synced_at":"2025-03-27T09:24:50.967Z","repository":{"id":191442346,"uuid":"654099738","full_name":"junka/j2depkt","owner":"junka","description":"a DSL like scapy","archived":false,"fork":false,"pushed_at":"2024-08-12T10:18:44.000Z","size":121,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-01T14:19:20.236Z","etag":null,"topics":["dpdk","dsl","peg","scapy","tcpdump"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/junka.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-06-15T11:40:39.000Z","updated_at":"2024-08-12T10:18:48.000Z","dependencies_parsed_at":"2023-08-30T00:15:01.571Z","dependency_job_id":"5e6e4104-27e3-4d7f-91b9-387c1eae4a0c","html_url":"https://github.com/junka/j2depkt","commit_stats":{"total_commits":25,"total_committers":1,"mean_commits":25.0,"dds":0.0,"last_synced_commit":"c95fa234313cd33533586e6217dde097ebff2ddd"},"previous_names":["junka/j2depkt"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/junka%2Fj2depkt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/junka%2Fj2depkt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/junka%2Fj2depkt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/junka%2Fj2depkt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/junka","download_url":"https://codeload.gith
ub.com/junka/j2depkt/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245815693,"owners_count":20676956,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dpdk","dsl","peg","scapy","tcpdump"],"created_at":"2024-12-06T01:14:01.299Z","updated_at":"2025-03-27T09:24:50.940Z","avatar_url":"https://github.com/junka.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# j2depkt (Just to Decompose Packets)\n\n## inspiration\nIf you have reached this page, you must be a specialist in networking, so you may ask: why not tcpdump?\n\nYes, [tcpdump](https://github.com/the-tcpdump-group/tcpdump) is a good starting point for learning the basics of a packet on the network.\n\nIt is easy to learn basic tcpdump expressions like `ip`, `host`, `src`, etc. However, the whole tcpdump expression grammar is not that easy to remember. At least for me, I may have to check the manpage each time I want to combine some advanced filters. And for some protocol filters, like the VXLAN inner src ip, which is not supported by the tcpdump expression, we may have to calculate the offset from the outer udp and then use an expression like `udp[42:4]=` to filter it out.\n\nHow to calculate the offset? udp 8 + vxlan 8 + inner ether 14 + inner ip 12 offset to source address = 42, and `:4` means we need to load 4 bytes starting at offset 42 from the start of the outer udp header. Emmm, it works anyway. 
\n\nI like the idea behind [Scapy](https://github.com/secdev/scapy), which builds stacked layers for any type of packet you may want to sniff or send. It is designed as a DSL for packet crafting. When you use it in different scenarios to capture or test classic or self-designed protocols, it is really easy to write a packet with layers concatenated together. The packet generator [Trex](https://github.com/cisco-system-traffic-generator/trex-core) uses it as its packet builder engine. But even Scapy's sniff is a wrapper around libpcap too; it does not use Scapy's own DSL.\n\n---\n# grammar\n\nSo my goal is to use [peg](https://www.piumarta.com/software/peg/) to implement a parser for this DSL that follows the Scapy style.\n\nThe packet pattern should be recognized by Scapy. However, it has limitations and is only a subset of what Scapy supports. I did not test all of it in Scapy.\n\n```\nETHER()/IP()/UDP()/VXLAN()/ETHER()/IP():RSS()/COUNT()\n```\nIt consists of patterns and actions, with a colon as the delimiter.\nThe possible pattern syntax is:\n```\nETHER()\nIP()\nARP()\nIP6()\nTCP()\nUDP()\nMPLS()\nVXLAN()\nGRE()\n... to be added.\n\n```\n\nThe possible action syntax is:\n```\nRSS()\nQUEUE()\nSAMPLE()\nDROP()\nMETER()\nPORT()\n... to be added\n```\n\nAs for the actions, the ultimate goal is to use it as a codegen to generate rules written as rte_flow code, so we can easily use it as a new bifurcation / offloading rule builder engine for DPDK applications like ovs.\n\nBut as a start, to learn the peg parser, I would like to implement a SAMPLE action that generates cbpf code and injects it into tcpdump's libpcap filter. So the Scapy style can work as a replacement for the tcpdump expression.\n\n## usage\n\nTo filter out a VXLAN packet by its inner src ip, 
we can just\n```\ntcpdump -i eth0 -nev 'ETHER()/IP()/UDP()/VXLAN()/ETHER()/IP(src=192.168.0.1):SAMPLE'\n```\nAs in Scapy, some default values can be omitted from the rule.\n\n## how to build\nFirst we need to install peg, which can be obtained from [peg](https://www.piumarta.com/software/peg/).\n```\nmkdir build \u0026\u0026 cd build\ncmake ..\nmake\n```\n\nIf building with DPDK,\nwe will need meson \u003e 0.53.\n```\nmkdir build \u0026\u0026 cd build\ncmake .. -DHAS_DPDK=ON\nmake\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjunka%2Fj2depkt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjunka%2Fj2depkt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjunka%2Fj2depkt/lists"}