The emergence of programmable switches such as the Intel Tofino has made it possible, in theory, to implement many network monitoring applications directly in the network data plane. In practice, however, such implementations are often more challenging than expected. A key difficulty is that such applications often depend, in part, on recognizing traffic patterns that are easy to specify as a deterministic finite state automaton (a DFA) but hard to implement thanks to stringent hardware constraints: to maximize throughput and avoid race conditions, state machine updates must be completed in a single Tofino pipeline stage, but the limited computational resources make finding an implementation a challenging puzzle. This paper presents a solution to such puzzles---a general framework for synthesizing DFA implementations automatically. A key insight is that such a synthesis system is free to renumber state machine states and implement transitions using any available arithmetic or logical operations over that renumbering, provided the resulting implementation is semantically equivalent to the input specification. To produce such a synthesizer, we model the required state machine semantics and the available single-stage switch operations using SMT constraints. An off-the-shelf SMT solver finds a solution to the constraints, and this solution is then translated to P4 code. We evaluate the effectiveness of our methods by synthesizing state machines for a variety of useful applications, including those that monitor TCP handshakes and video conference streams.
[1]
Zhiliang Wang,et al.
Bolt: Scalable and Cost-Efficient Multistring Pattern Matching With Programmable Switches
,
2023,
IEEE/ACM Transactions on Networking.
[2]
Mina Tahmasbi Arashloo,et al.
DBVal: Validating P4 Data Plane Runtime Behavior
,
2021,
SOSR.
[3]
Anirudh Sivaraman,et al.
Switch Code Generation Using Program Synthesis
,
2020,
SIGCOMM.
[4]
Dave Levin,et al.
Come as You Are: Helping Unmodified Clients Bypass Censorship with Server-side Evasion
,
2020,
SIGCOMM.
[5]
Robert Soulé,et al.
Fast String Searching on PISA
,
2019,
SOSR.
[6]
Yifei Yuan,et al.
Quantitative Network Monitoring with NetQRE
,
2017,
SIGCOMM.
[7]
Andrew Reed,et al.
Identifying HTTPS-Protected Netflix Videos in Real-Time
,
2017,
CODASPY.
[8]
Alvin Cheung,et al.
Packet Transactions: High-Level Programming for Line-Rate Switches
,
2015,
SIGCOMM.
[9]
Russell J. Clark,et al.
Kinetic: Verifiable Dynamic Network Control
,
2015,
NSDI.
[10]
George Varghese,et al.
Forwarding metamorphosis: fast programmable match-action processing in hardware for SDN
,
2013,
SIGCOMM.
[11]
Nikolaj Bjørner,et al.
Z3: An Efficient SMT Solver
,
2008,
TACAS.
[12]
James R. Larus,et al.
Efficient path profiling
,
1996,
Proceedings of the 29th Annual IEEE/ACM International Symposium on Microarchitecture. MICRO 29.