Tags: sdk, open-source, firewall, wireshark

Wireshark development into IDS, IPS or software firewall, is it possible?


I know Wireshark is only used to capture and decode network packets, without any Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) functions. It provides source code for developers to develop their own additional functions as required.

My question is: what is the bottleneck of Wireshark development? Is it possible to add my own IDS or IPS modules, or a software firewall (application layer), by editing the source code?

If that exceeds the bottleneck of Wireshark development, can any open source SDK do it?


Solution

  • Is it possible to add own IDS or IPS modules

    It might be possible, but Wireshark's packet dissection is oriented towards getting all packet details, so it might be doing more work than is needed for an IDS, which might make it too slow to act as a good IDS.

    It has no hooks into the operating-system-dependent mechanisms necessary for an IPS - i.e., mechanisms to discard packets considered part of an intrusion - so there's no place to add an IPS module.

    or software firewall (application layer),

    Again, Wireshark has no hooks into the operating-system-dependent mechanisms necessary for a firewall.
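The two points the answer makes (an IDS needs far less dissection than Wireshark performs, and an IPS or firewall needs a verdict hook that a passive capture library never offers) can be illustrated with a small program. The following is an added example and is not code from the question, the answer, or the Wireshark project. It constructs a few Ethernet/IPv4/TCP frames inline, dissects only the handful of fields one rule needs, and exposes two interfaces: `detect()` (passive, returns alerts, which is all a pcap-style capture can support) and `inline_verdict()` (returns ACCEPT/DROP, which is the shape an operating-system queue hook such as Linux NFQUEUE would call). The rule, the addresses and the frames are all constructed for the example; IP and TCP checksums are left at zero because the parser does not verify them.

```python
"""Passive detection vs. inline verdict over raw frames (constructed example)."""
import struct
from dataclasses import dataclass
from typing import List, Optional

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_SYN = 0x02
TCP_ACK = 0x10


@dataclass
class TcpSummary:
    src: str
    dst: str
    sport: int
    dport: int
    flags: int


def parse_tcp_summary(frame: bytes) -> Optional[TcpSummary]:
    """Dissect only the fields a simple rule needs, instead of decoding every
    protocol layer the way Wireshark does. Returns None for anything that is
    not a well-formed IPv4/TCP frame."""
    if len(frame) < ETH_HDR_LEN + 20:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_HDR_LEN:]
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    # Need the IPv4 header plus at least 14 bytes of TCP to reach the flags byte.
    if version != 4 or ihl < 20 or len(ip) < ihl + 14:
        return None
    if ip[9] != IPPROTO_TCP:
        return None
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[0:4])
    return TcpSummary(src, dst, sport, dport, tcp[13])


def matches_rule(s: TcpSummary) -> bool:
    # Constructed rule: new connection attempt (SYN without ACK) to telnet/23,
    # a cleartext administrative protocol a defender would want flagged.
    return s.dport == 23 and bool(s.flags & TCP_SYN) and not (s.flags & TCP_ACK)


def detect(frames: List[bytes]) -> List[str]:
    """Passive mode: the capture interface hands us copies of frames, so the
    only possible output is an alert; nothing here can stop the packet."""
    alerts = []
    for i, frame in enumerate(frames):
        s = parse_tcp_summary(frame)
        if s and matches_rule(s):
            alerts.append(f"frame {i}: telnet SYN {s.src}:{s.sport} -> {s.dst}:{s.dport}")
    return alerts


def inline_verdict(frame: bytes) -> str:
    """Inline mode: the shape of the callback an OS packet-queue hook (for
    example Linux NFQUEUE) would invoke. The return value decides whether the
    kernel forwards the packet; a pcap-style capture has no such channel."""
    s = parse_tcp_summary(frame)
    return "DROP" if s and matches_rule(s) else "ACCEPT"


def build_frame(src: str, dst: str, sport: int, dport: int, flags: int) -> bytes:
    """Constructed Ethernet + IPv4 + TCP frame; checksums left at zero."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
                     bytes(int(x) for x in src.split(".")),
                     bytes(int(x) for x in dst.split(".")))
    return eth + ip + tcp


def sample_frames() -> List[bytes]:
    """Three constructed frames: telnet SYN, HTTPS SYN, and the telnet SYN/ACK reply."""
    return [
        build_frame("10.0.0.5", "10.0.0.9", 40000, 23, TCP_SYN),
        build_frame("10.0.0.5", "10.0.0.9", 40001, 443, TCP_SYN),
        build_frame("10.0.0.9", "10.0.0.5", 23, 40000, TCP_SYN | TCP_ACK),
    ]


if __name__ == "__main__":
    frames = sample_frames()
    for alert in detect(frames):
        print("ALERT", alert)
    for i, frame in enumerate(frames):
        print("verdict", i, inline_verdict(frame))
```

Both functions share the same cheap parser, which is the IDS half of the answer: detection needs a few header fields, not Wireshark's full dissection tree. The difference between them is the IPS half: `inline_verdict()` only has an effect if something in the operating system actually calls it before forwarding the packet, and that is the hook Wireshark does not have.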