Skip to content

Adding a protocol and classifier

Nikos Filippakis edited this page Jul 30, 2017 · 5 revisions

Adding a protocol is very simple: you only have to add it in the constants, in the types/protocols.go file, as a type Protocol which is a string. However, by itself, a protocol does nothing. In order to be able to detect it, you need to add a classifier for it, and/or a mapping between the wrappers and the go-dpi protocol identifier.

Adding a classifier for a new protocol

All classifiers are placed in the modules/classifiers subdirectory. Each one identifies only one protocol, though a protocol can have multiple classifiers. When a flow is being classified, all classifiers are ran, until one positively identifies the flow. Then, that classifier’s protocol is returned as the one detected.
A classifier needs to implement the GenericClassifier interface. That means that it must have the following method:

GetProtocol() godpi.Protocol

This method should return the protocol that the classifier attempts to detect. This way, when it detects the protocol, the library knows which protocol that is.
If the classifier is a heuristic classifier (e.g. uses heuristics for the detection of protocols) it should also implement the HeuristicClassifier interface, which contains the following method:

HeuristicClassify(*godpi.Flow) bool

This method simply takes a pointer to a flow and returns whether the flow can be identified by the classifier. Once the classifier class is defined, following the appropriate interfaces, it should be added to the classifierList list in NewClassifierModule in the file modules/classifiers/classifiers.go. This way the library enables the classifier by default and you won't need to enable it explicitly by configuring the module.

Adding a mapping from a wrapper to the protocol

Because the libraries that are used by go-dpi have their own representations for the protocols they detect, there is the need for a mapping between these representations and the go-dpi representation.
These mappings can be found at modules/wrappers/LPI_wrapper.go as lpiCodeToProtocol for libprotoident and at modules/wrappers/nDPI_wrapper.go as ndpiCodeToProtocol for nDPI. In order to add a protocol, you need to simply add an entry in the map from the library protocol id to the go-dpi protocol. The protocol numbers can be found at: