Tom Herbert is still on a quest to speed up the network stack[1]. In this talk he introduces the PANDA parser with the intention of replacing the venerable Linux kernel Flow Dissector. Tom says the flow dissector is hard coded and convoluted, making it both hard to extend and hard to maintain. (Yes, he is guilty as well, having been one of the originators of the flow dissector.)
The PANDA parser is a domain-specific parser that lives under the philosophy of "write once, run anywhere, run well". Unlike Flow Dissector, a PANDA parser with metadata extraction is written in a declarative representation as opposed to imperative instructions, all in familiar C. It has been shown that, while more flexible, the PANDA parser is more performant than Flow Dissector.
The PANDA parser may be compiled to different backends; currently two implemented backends are available: an optimized userspace C one and an XDP/eBPF one. There is ongoing work on generating a plain kernel version as well, which may be consumed by other parts of the kernel. For any of those 3 backends, the parser definition stays unchanged.
[1] https://legacy.netdevconf.info/0x14/session.html?talk-BP4-byte-code-for-prog...
More info: https://netdevconf.info/0x15/session.html?Replacing-Flow-Dissector-with-PAND...
cheers, jamal
PS: Registration is open, see: https://netdevconf.info/0x15/registration.html
PPS: We are looking to post the schedule today