Peafowl is a flexible and extensible Deep Packet Inspection (DPI) framework which can be used to identify the application protocols carried by IP (IPv4 and IPv6) packets and to extract and process data and metadata at different layers. Peafowl is implemented in C. However, C++ and Python APIs are also provided. Since C++ and Python wraps the C interface, they could introduce some small overhead (e.g. due to some extra data copies, etc...). As a rule of thumb, you should use the C interface if performance is a major concern, and C++ or Python interfaces if you are more concerned about ease of use.
By using Peafowl it is possible to implement different kinds of applications like:
- URL filtering (for parental control or access control)
- User-Agent or Content-Type filtering (e.g. block traffic for mobile users, block video traffic, etc...)
- Security controls (e.g. block the traffic containing some malicious signatures or patterns)
- Data leak prevention
- Quality of Service and Traffic shaping (e.g. to give higher priority to VoIP traffic)
Peafowl is not tied to any specific technology for packet capture. Accordingly, you can capture the packets using pcap, sockets, DPDK, PF_RING or whatever technology you prefer.
To correctly identify the protocol also when its data is split among multiple IP fragments and/or TCP segments and to avoid the possibility of evasion attacks, if required, the framework can perform IP defragmentation and TCP stream reassembly.
For a detailed description of the framework, of its usage, its API and on how to extend it, please refer to the documentation.
If you use Peafowl for scientific purposes, please cite our paper:
@inproceedings{ff:DPI:14,
address = {Munich, Germany},
author = {Danelutto, Marco and Deri, Luca and De Sensi, Daniele and Torquati, Massimo},
booktitle = {Proceedings of 15th International Parallel Computing Conference ({ParCo})},
doi = {10.3233/978-1-61499-381-0-92},
editor = {Michael Bader and Arndt Bode and Hans-Joachim Bungartz and Michael Gerndt and Gerhard R. Joubert and Frans Peters},
keywords = {fastflow, dpi, network monitoring},
pages = {92 -- 99},
pdf = {http://pages.di.unipi.it/desensi/assets/pdf/2013_ParCo.pdf},
publisher = {IOS Press},
series = {Advances in Parallel Computing},
title = {Deep Packet Inspection on Commodity Hardware using FastFlow},
url = {http://ebooks.iospress.nl/publication/35869},
volume = {25},
year = {2013}
}
Peafowl has been mainly developed by Daniele De Sensi ([email protected]).
The following people contributed to Peafowl:
- Daniele De Sensi ([email protected]): Main developer
- Michele Campus ([email protected]): DNS, RTP and RTCP dissectors, L2 parsing
- Lorenzo Mangani ([email protected]): SIP, RTP and Skype dissectors
- max197616 (https://github.com/max197616): SSL dissector
- InSdi (https://github.com/InSdi) ([email protected]): Viber, Kerberos and MySQL dissectors
- QXIP B.V. (http://qxip.net/) sponsored the development of some Peafowl features (e.g. SIP, RTP, RTCP dissectors and others)
- CounterFlowAI (https://www.counterflow.ai/) sponsored the development of some Peafowl features (e.g. TCP statistics)
- David Cluytens (https://github.com/cldavid): QUIC5 dissector
I would like to thank Prof. Marco Danelutto, Dr. Luca Deri and Dr. Massimo Torquati for their essential help and valuable advices.
If you would like to contribute to Peafowl development, for example by adding new protocols, please refer to the documentation.
The authors of Peafowl are strongly against any form of censorship. Please make sure that you respect the privacy of users and you have proper authorization to listen, capture and inspect network traffic.