Native Node Bindings for the Peafowl DPI Library
Peafowl is a flexible and extensible DPI framework which can be used to identify the application protocols carried by IP (IPv4 and IPv6) packets and to extract and process data and metadata carried by those protocols. This module allows NodeJS projects to leverage the power of Peafowl for Deep-Packet Inspection of live and recorded network traffic.
var peaFowl = require('node-peafowl')
The install script will automatically attempt compiling peafowl and building node gyp bindings
npm install
In case of issues building the library, run using --unsafe-perm:
npm install --unsafe-perm
/* INITIALIZE LIBRARY */
peaFowl.init();
/* DISSECT PACKETS AND RESOLVE PROTOCOL NAME */
peaFowl.get_L7_from_L2( PCAP_packet, PCAP_header, PCAP_LinkType ) );
/* EXTRACTION SETUP */
var buf = Buffer.from('DNS_NAME_SRV');
peaFowl.field_add_L7(buf)
/* EXTRACT PROTOCOL FIELDS */
var field = Buffer.from('DNS_NAME_SRV')
if (peaFowl.field_present(field)) {
console.log( peaFowl.field_string_get(field) );
}See a fully working Example using PCAP files
You can test our example by running npm test
| function | parameters | description |
|---|---|---|
| init | (void) | Initialize the library for statefull env |
| terminate | (void) | Teardown the library |
| get_L7_protocol_name | (packet, header, link type) | Dissect and return Protocol name as char * (l7) |
| function | parameters | description |
|---|---|---|
| field_add_L7 | (string Buffer) | Initialize extraction for the selected protocol field |
| field_present | (string Buffer) | Check if an extraction is present in a processed packet |
| field_number_get | (string Buffer) | Return the extracted value as int * |
| field_string_get | (string Buffer) | Return the extracted value as char * |
- Implement int64 response from library
- Add more test cases
Peafowl has been mainly developed by Dr. Daniele De Sensi
Node-Peafowl is developed by L. Mangani, M. Campus using the awesome NAPI-macros by Mathias Buus
If you use Peafowl or Node-Peafowl for scientific purposes, please cite the following paper:
"Deep Packet Inspection on Commodity Hardware using FastFlow", M. Danelutto, L. Deri, D. De Sensi, M. Torquati