I am developing a device with the same functionality as IPS. So I'm implementing the function to filter packets using Netfilter's NFQueue. I have received the packet through the NFQueue and have confirmed that the received packet operates normally for functions such as modulation, delay, drop, etc. However, I am worried about implementing packet filtering function in Application Layer. It should basically be able to filter GOOSE and MMS Protocol at the user level. However, the MMS Protocol is complex. So I would like to refer to Wireshark's Dissector Library. I can receive the entire packet data, including the Ethernet frame, in binary format. I want to divide the MMS and GOOSE packets into protocol layers by referring to this binary data and the Wireshark Library. Is this possible?
