Strict Standards: Declaration of action_plugin_safefnrecode::register() should be compatible with DokuWiki_Action_Plugin::register($controller) in /mnt/data/www/nbee/lib/plugins/safefnrecode/action.php on line 14

Strict Standards: Declaration of action_plugin_popularity::register() should be compatible with DokuWiki_Action_Plugin::register($controller) in /mnt/data/www/nbee/lib/plugins/popularity/action.php on line 57

Warning: Cannot modify header information - headers already sent by (output started at /mnt/data/www/nbee/lib/plugins/safefnrecode/action.php:14) in /mnt/data/www/nbee/inc/auth.php on line 352

Warning: Cannot modify header information - headers already sent by (output started at /mnt/data/www/nbee/lib/plugins/safefnrecode/action.php:14) in /mnt/data/www/nbee/inc/actions.php on line 180
NetBee overview [NetBee]

NetBee overview

NetBee is a new library intended for several types of packet processing, e.g.:

  • packet sniffing and filtering
  • packet decoding
  • traffic classification (not ready yet)

NetBee provides a set of modules that can be used by applications that need to process network packets. Instead of creating some custom code in your application for packet processing, you can use the functions exported by NetBee.

This library is made up of several components. It includes several objects for packet decoding, packet sniffing and filtering, traffic classification (not ready yet), and some miscellaneous utilities. Additionally, it include some components (such as the NetPDL protocol definition language, the NetVM packet processing virtual machine) that are used to do its job, but their knowledge is not required from programmers using NetBee.

General structure of the NetBee library

The library is made up of the following main blocks, as shown in the figure below.

Among these blocks, there are four main categories of blocks:


blocchi interni

blocchi esterni

Il blocco Virtual Packet Sources, invece, � tra i blocchi esportati (� vero che da solo non fa nulla, pero' e' chiaramente esportato all'utente)

Poi, per in ogni blocco sarebbe opportuno definire esattamente le funzioni esportate

Tra i blocchi esterni, manca il SockUtils.

Exported NetBee Classes NetBee defines a set of classes used for packet processing. If you look at Figure 1, all the modules that are directy below the NetBee API are classes that are exported to the user. For instance, there is a class for packet decoding, another for packet capture, another for visualizing the format of network protocols headers, and more. All these classes can be instantiated in the user application and they can be used to do the required type of packet processing. For doing thier job, these modules may need some other modules that are embedded in the NetBee library but that are not exported to the user. For instance, one of these modules is the NetPDL Protocol Database, i.e. a module that contains the knowledge of how protocol headers look like (e.g. an Ethernet frame is made up of a first field which is the MAC destination address, a second field which is the MAC source address, and so on). These services modules are shown in the rightmost part of Figure 1, that shows also (through the oriented arrows) the dependencies between exported moduies and the service modules. Usually, the user is not required to know how these hidden modules work because the exported classes can handle all the interactions automatically. The list of available exported modules can be seen in XXX.
NetVM Virtual Machine Network Virtual Machine (NetVM) is a new virtual CPU (such as Java or Microsoft CLR) targeted to elementary packet processing, such as packet filtering. Differently from Java or CLR, it has a very small set of instructions because it is targeted for packet processing, which involves usually some very simple operations (such as compare, shift, bits manipulation, etc). However, efficient packet processing may need some special instructions (such as the ones that simulate a lookup table) whose usage is are rather in general purpose programs. Additionally, packet processing at very high speed requires having an high degree of parallelism in order to be able to process multiple data at the same time. The NetVM module implements such a new virtual CPU, with a reduced instruction set, but it has some special instructions targeted to processing network packets and it can handle an high degree of parallelism through the definition of several micro engines. The NetVM specification defines a CPU with registers, memory, and (of course) its own assembly language. Therefore, the processing that can be done by the NetVM is extremely variable and it depends on the assembly program that is currently running in this processor. However, users are not very happy to create assembly programs with their hands. Therefore, the NetVM requires some helper modules, such as the one that compiles a program (created using some high level syntax) into assembly and it starts its execution on the NetVM. Additionally, the NetVM accepts some input data (e.g. the hex dump of a network packet), but this data has to be capture from a network interface (or a file) by another helper module. This brief introduction explains the reason why the NetVM is not exported to the user applications: several NetBee modules (the ones that have some arrow toward the NetVM box, in Figure 1) make use of it, but these modules include some piece of software that allow using the NetVM concept in a more user-friendly way.
Virtual Packet Sources Packet source objects are abstract devices for virtualizing real packet souces, e.g. network interfaces, files, and applications. One of the problem of other packet libraries (notably, WinPcap / libpcap) is that programmers have to invoke different functions according to the type of the source they have. This module solves this problem by providing an abstract set of classes that can be used to map real packet sources, i.e. locally installed network adapters, remote network adapters, files containing packets dump, and applications that want to generate packets. This idea allow programmers to deal only with generic packet sources, leaving most of the complexity needed to manage the source itself to the corresponding NetBee object. Furthermore, this abstraction helps also NetBee hackers (i.e. the ones that are willing to extend NetBee) to implement new real sources and map them inside the NetBee library. This requires them to define an object that inherits from the “base class” and that it exports some specific methods that are defined from the framework. NetBee users will see only a new type of exported class to choose from. Finally, the public interface of these public packet sources is created in such a way that packet sources can be connected one with another even directly (or through a NetVM object): a first packet source act as packet factory (e.g. a physical network interface), while the second act as packet destination (e.g. a file on your hard disk). This abstraction makes the programming much easier than in other models.
Protocol Database Several applications need to know the format of network packets for performing their job, like for example packet filters (they need to locate exacty the fields whose values must be checked), packet decoders (they need to know exactly the list of fields in each protocol header), and more. In order to avoid any application defining its protocol database, the NetPDL (Network Protocols Description Language) language has been created. The NetPDL language is an XML-based language that can be used to defines how protocol headers look like. The NetPDL language is made up of a common part (the Core Specification), that aims at describing the basic features of each protocol (for instance the protocol fields and the protocol encapsulation). Additionally, a set of optional specifications can be defined for some specific tasks: the NetPDL Visualization Extension aims at defining how to print a decoded protocol (for instance, a 32 bit number representing an IP address should be visualized in the dotted-decimal form), and more. The NetPDL protocol database is a database of protocols defined according to the NetPDL syntax. In this way, as soon as the database is updated, all the modules are immediately able to process the new kind of protocol. NetBee does not export this module to the user but several NetBee modules (the ones that have some arrow toward the NetVM module, in Figure 1) make use of it.

Software Modules

NetPDL Engines

NetBee Packet Decoder

The NetBee Decoder is the first implementation of a parser for the NetPDL language. This engine is devoted to decode and parse packets in order to print them properly into a network analyzer, particularly the Analyzer sniffer (

Since the code has been created for this task, some features present into the NetPDL language have not been implemented because they are not of interest for a packet decoder.

This engine exports a set of classes that can be of general use for packet decoding. The programmer can simply use them without any knowledge about the internals of the NetPDL language. However, the knowledge about an XML parser (notably, the Xerces one) may be required in order to perform some more elaborate tasks.

NetBee Packet Filter

The NetBee Filter is an implementation of a compiler which produce a program for NetVM virtual network processor in order to perform a packet filter process. This engine is devoted to compile a user filter specification (according to the syntax specified in the NetPFL language) using protocol description provided within protocols database.

NetVM virtual network processor

NetBee provide an API to control the NetVM virtual machine using simple C++ objects in order to make easier the interaction with this object.

NetBee Utilities

NetBee Statistical Module

Details about the NetBee statistical capabilities can be found here.

NetBee Compiler

NetBee provide a compiler for NetVM high level language programs. This language define a simple syntax to program a single NetPE instanced in the NetVM environment. Details about this language can be found here.

docs/overview.txt · Last modified: 2009/04/20 11:35 by admin     Back to top