PcapPlusPlus icon indicating copy to clipboard operation
PcapPlusPlus copied to clipboard
verified publisher icon seladb

Can PcapPlusPlus support custom resolution to a specific protocol type based on the port number? Rather than according to the default RFC port definition.

Open angelyouyou opened this issue 4 years ago • 3 comments

In many cases, the protocol can customize or specify the port number instead of using the fixed allocation on the RFC. After I read the code of the TCP and UDP layer of PcapPlusPlus, I found that PcapPlusPlus is always recognized based on the default port number on the RFC. This is not flexible enough and scalability is not strong in many application scenarios. Do we have plans to add this kind of custom parsing in the future? If a custom parsing method is specified in the configuration file, the custom method will be used first, otherwise The default RFC-based port is still used for resolution.

angelyouyou avatar Jun 19 '21 02:06 angelyouyou

yes, this request has been discussed before here: https://github.com/seladb/PcapPlusPlus/issues/644. Right now it's not supported but if you want you're more than welcome to implement this feature. We can discuss what's the best way to do it.

seladb avatar Jun 19 '21 05:06 seladb

yes, this request has been discussed before here: #644. Right now it's not supported but if you want you're more than welcome to implement this feature. We can discuss what's the best way to do it.

I think we can add a configuration file to re-define the protocol recognization.Like the wireshark, it can specify the port of the protocol to recognize. It is not difficult to implement, but very useful in many cases.I'd like to implement it.

Which directory or file can I add the configuration file and parse json file?

angelyouyou avatar Jun 19 '21 09:06 angelyouyou

This can be a good addition to this project. This is just for configuring ports, is that correct? I think we can let the user choose the location of the file. It can be in json format as you mentioned. Please note that this will require a change in the existing layers to be able to read the data from the file as well, for example:

You basically need to:

  • Read the file if exists and load it to some class in memory - we can probably keep a map between the protocol type and the custom ports
  • Modify each layer to look at this map and return all the relevant ports - both the default ones and the ports in this map

seladb avatar Jun 22 '21 06:06 seladb