Clone wiki

Hassel-Public / Home

Note: This code is no longer maintained.

What is HeaderSpace Analysis (HSA)?

Header space analysis is static checking framework that gives us a unified view of almost all boxes installed in a network and on top of that provides a protocol agnostic interface to run check on the network. You can learn more about HSA by reading the NSDI Paper or watching this NSDI Talk.

Header Space Library (Hassel)

Hassel is a library implementing the Header Space Framework. It also includes some applications developed on top of Header Space Framework. You can obtain a copy from git repository below:

$ git clone

Hassel Library


This is the first iteration of Header Space Library written in python. This is an out-dated code and we only need the config_parser and examples directory here for parsing configs into transfer function (.tf) files.

Configuration Parser

config_parser contains a parser for Cisco IOS commands output. It can read and understand the output of "sh config", "sh ip cef", "sh spanning-tree", "sh mac-address-table" and "sh arp" and generate a transfer function object to capture the behavior of the box.

Datasets and Examples

In examples directory, we provided several examples of using Hassel. examples/stanford/Stanford_backbone contain the output of the 5 Cisco IOS commands on backbone routers of Stanford network (with very little sensitive data removed). By running, the config_parser translates these configurations into a transfer function object which will be saved in tf_stanford_backbone. This can be used by Hassel-C for computing reachability and loops.


Hassel-C is an optimized version of the header space library written in C.

Running Reachability

  1. Use the config parser to generate the .tf files for the network. These files should go in the "tfs" subdirectory. (Some example datasets, including the Stanford backbone, are already included.)
  2. If adding a new network, cp src/apps/stanford.c src/apps/<network>.c.
  3. Compile hassel-c with make. This will create a number of executables.
  4. Run ./gen <network>, which reads the transfer functions from tfs/<network>/* and creates the data file data/<network>.dat.
  5. Run ./<network> <source_port> [<dest_port>...]. Ports should be identified by number. Use the config parser to convert numbers to names.

Note: run-c-reachability is a python wrapper for hassel-c on stanford network which makes it easier to find reachability between two ports and pretty-printing the results.