Hi all, Is there a packet analysis framework in Haskell? The framework should abstract away the features of packet analysis in the form of a library that people can use and write extensions to perform computation on the packets flowing through the network. What are the "features" of packet analysis? 1. Support for packet packet selection, matching a particular criteria. Example: (protocol = tcp && destination_port = 80). 2. Multi-threaded. Since the process of computation on packets is inherently data-parallel, the framework should abstract away the parallelism and make use of different CPU cores if available. I believe the features in Haskell would be a great boon to easily achieve this. 3. Support for statistics. Packet analysis is usually done for a purpose. Say, I would like to collect statistics about the rate of connections to a webserver. I would want to: (a) Filter packets, using features in (1). (b) Count the number of packets that pass through after applying operation (a). (c) Generate reports if a particular condition is flagged in (b). Example: (a) protocol = tcp && SYN set in flags && destination_port = 80, (b) count the number of SYN packets, (c) report if d(count)/dt > 100. 4. Availability of efficient data structures for achieving real time performance. Example: The user might want to check if ARP spoofing is taking place. In which case, one has to cache the "already seen" mapping between protocol and hardware addresses learnt from the packets that flowed, and constantly checking new addresses against this structure for duplicates. The above are some of the features which I believe are necessary for packet analysis (or, analytics maybe?). There could be more. I was wondering if Haskell would be a good language to achieve these things. I had a brief idea and started writing an application in C and I realised the need for such a framework. The ease of parallelism offered by Haskell prompted me to think about using it. I would like to hear your comments. Also, would this qualify as a project that someone in the Haskell community would be willing to mentor for GSoC 2009? (Assuming Haskell would be on the list of mentoring organisations, although I have no reason to doubt it wouldn't.) Thanks, Regards, -- Vimal