Adding a protocol and classifier
Adding a protocol is very simple: you only have to add it to the constants in the types/protocols.go file, as a constant of type Protocol, which is a string. However, by itself, a protocol does nothing. In order to detect it, you need to add a classifier for it, and/or a mapping between the wrappers and the go-dpi protocol identifier.
All classifiers are placed in the modules/classifiers subdirectory. Each one identifies only one protocol, though a protocol can have multiple classifiers. When a flow is being classified, the classifiers are run one after another until one positively identifies the flow. Then, that classifier’s protocol is returned as the one detected.
A classifier needs to implement the GenericClassifier interface. That means that it must have the following method:
GetProtocol() godpi.Protocol
This method should return the protocol that the classifier attempts to detect. This way, when it detects the protocol, the library knows which protocol that is.
If the classifier is a heuristic classifier (i.e. it uses heuristics to detect protocols), it should also implement the HeuristicClassifier interface, which contains the following method:
HeuristicClassify(*godpi.Flow) bool
This method simply takes a pointer to a flow and returns whether the flow can be identified by the classifier.
Once the classifier type is defined and implements the appropriate interfaces, it should be added to the classifierList list in NewClassifierModule in the file modules/classifiers/classifiers.go. This way the library enables the classifier by default and you won't need to enable it explicitly by configuring the module.
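A classifier following the two interfaces above, as an added sketch that is not go-dpi's own code: Protocol, Flow and the interfaces are local stand-ins so it compiles without the library (the library's own Flow type is not reproduced here), and the TLS constant, TLSClassifier and Classify are hypothetical names. It goes slightly beyond the text by also showing the run-until-first-match loop and how a heuristic should handle empty and truncated payloads.

```go
package main

import "fmt"

// Local stand-ins (assumptions) for the go-dpi types named on this page, so the
// sketch compiles without the library. Flow here is just a list of payloads.
type Protocol string
type Flow struct{ Payloads [][]byte } // application payloads, in arrival order
type GenericClassifier interface{ GetProtocol() Protocol }
type HeuristicClassifier interface{ HeuristicClassify(*Flow) bool }

const TLS Protocol = "TLS" // hypothetical; such a constant goes in types/protocols.go

// TLSClassifier detects a flow that opens with a TLS ClientHello record.
type TLSClassifier struct{}

func (TLSClassifier) GetProtocol() Protocol { return TLS }

func (TLSClassifier) HeuristicClassify(flow *Flow) bool {
	for _, p := range flow.Payloads {
		if len(p) == 0 {
			continue // skip payload-less packets (e.g. TCP handshake, bare ACKs)
		}
		// Decide on the first data-bearing packet only. Record header is
		// type(1) version(2) length(2), followed by the handshake type.
		if len(p) < 6 {
			return false // truncated: never index past the captured bytes
		}
		recLen := int(p[3])<<8 | int(p[4])
		return p[0] == 0x16 && p[1] == 0x03 && p[2] <= 0x04 &&
			recLen > 0 && recLen <= 16384 && p[5] == 0x01
	}
	return false
}

// Classify mirrors the loop described above: try each classifier in order and
// return the protocol of the first one that matches ("" if none does).
func Classify(flow *Flow, list []GenericClassifier) Protocol {
	for _, c := range list {
		if h, ok := c.(HeuristicClassifier); ok && h.HeuristicClassify(flow) {
			return c.GetProtocol()
		}
	}
	return ""
}

func main() {
	hello := []byte{0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00} // constructed sample
	fmt.Println(Classify(&Flow{Payloads: [][]byte{{}, hello}}, []GenericClassifier{TLSClassifier{}}))
}
```

A heuristic that indexes into a payload without a length check will panic on short or malformed packets, so the bounds test comes before any byte comparison.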
Because the libraries that are used by go-dpi have their own representations for the protocols they detect, there is the need for a mapping between these representations and the go-dpi representation.
These mappings can be found at modules/wrappers/LPI_wrapper.go as lpiCodeToProtocol for libprotoident and at modules/wrappers/nDPI_wrapper.go as ndpiCodeToProtocol for nDPI. In order to add a protocol, you simply need to add an entry in the map from the library protocol id to the go-dpi protocol. The protocol numbers can be found at:
- https://github.com/ntop/nDPI/blob/dev/src/include/ndpi_protocol_ids.h for nDPI
- https://github.com/wanduow/libprotoident/blob/master/lib/libprotoident.h for libprotoident, in the lpi_protocol_t enumeration