Nikos Filippakis edited this page Jun 22, 2017 · 3 revisions

go-dpi works by creating flows of packets and then passing them on to its different modules, until one of them manages to classify that flow. The main type used in this process is Flow. A Flow contains the list of packets belonging to it. The packets themselves are represented by the gopacket.Packet type, provided by the gopacket library. Also, the protocols are represented by the Protocol type, which is a string with the name of the protocol.

A new flow can be created using the NewFlow method. Afterwards, you may use the AddPacket method of a flow in order to add a packet to the flow, by providing it with a pointer to a gopacket.Packet. There is also a helper method, CreateFlowFromPacket, that creates a flow with a single packet.

Once you have a flow, you can attempt to classify it with the classifiers provided by go-dpi by calling classifiers.ClassifyFlow with the flow as the parameter. This runs each protocol classifier in turn; if one of them can identify the flow, the detected protocol is returned by the method. If none of them can identify it, the Unknown protocol is returned.
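The first-match loop described above, as an added stand-alone Go model (not go-dpi's own code, and it does not import the library). Flow, AddPacket, ClassifyFlow and the Protocol values are simplified stand-ins that hold raw payload bytes instead of gopacket.Packet, and the two byte-prefix checks are assumptions chosen for illustration.

```go
package main

import "bytes"
import "fmt"

// Protocol names a detected protocol; these values are constructed for the model.
type Protocol string
const HTTP, SSL, Unknown Protocol = "HTTP", "SSL", "Unknown"

// Flow holds packet payloads in arrival order (stand-in for gopacket.Packet).
type Flow struct{ Packets [][]byte }
func (f *Flow) AddPacket(payload []byte) { f.Packets = append(f.Packets, payload) }

// firstPayload skips empty segments, such as a TCP handshake with no data.
func firstPayload(f *Flow) []byte {
	for _, p := range f.Packets {
		if len(p) > 0 {
			return p
		}
	}
	return nil
}

// chain lists the hypothetical classifiers in the order they are tried.
var chain = []struct {
	proto   Protocol
	matches func(p []byte) bool
}{
	{HTTP, func(p []byte) bool { // GET request or response status line
		return bytes.HasPrefix(p, []byte("GET ")) || bytes.HasPrefix(p, []byte("HTTP/1."))
	}},
	{SSL, func(p []byte) bool { // TLS handshake record: type 0x16, major version 0x03
		return len(p) >= 3 && p[0] == 0x16 && p[1] == 0x03
	}},
}

// ClassifyFlow returns the protocol of the first classifier that matches, or Unknown.
func ClassifyFlow(f *Flow) Protocol {
	for _, c := range chain {
		if c.matches(firstPayload(f)) {
			return c.proto
		}
	}
	return Unknown
}

func main() {
	f := &Flow{Packets: [][]byte{nil, []byte("GET / HTTP/1.1\r\n\r\n")}} // constructed input
	fmt.Println(ClassifyFlow(f))
}
```

In this model a flow that so far holds only empty segments classifies as Unknown, and the same flow classifies once a payload-bearing packet has been added, so an Unknown result on a young flow is worth retrying after more packets arrive.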

Another option is to use the wrappers the library contains. To do that, you must first call wrappers.InitializeWrappers once to initialize them. You should also call wrappers.DestroyWrappers to free them when the application is exiting. Once they are initialized, you may call wrappers.ClassifyFlow with the flow. This gives the flow to each wrapper and returns the first result. If no wrapper can identify it, the Unknown protocol is returned, as in the case above.

More in-depth documentation about the API and the structure of the code is available at https://godoc.org/github.com/mushorg/go-dpi. Currently supported protocols are:

  • DNS
  • FTP
  • HTTP
  • ICMP
  • Netbios
  • RDP
  • RPC
  • SMB
  • SMTP
  • SSL