Refactored detection logic to include ports and a confidence score

2025-10-09 11:54:43 +02:00
parent 2081d684ed
commit 2ab59437fa
17 changed files with 795 additions and 129 deletions


@@ -14,10 +14,14 @@ func init() {
Register(Both, "", detectSSH)
}
func detectSSH(dir Direction, data []byte) *Protocol {
func detectSSH(dir Direction, data []byte, srcPort, dstPort int) (proto *Protocol, confidence float64) {
// The data must be at least as long as the prefix itself.
if len(data) < len(ssh20Prefix) {
return nil
return nil, 0
}
if dstPort == 22 || dstPort == 2200 || dstPort == 2222 {
confidence = .1
}
// The protocol allows for pre-banner text, so we have to check all lines.
@@ -32,7 +36,7 @@ func detectSSH(dir Direction, data []byte) *Protocol {
Patch: -1,
Extra: string(line[len(ssh20Prefix):]),
},
}
}, confidence + 0.75
}
if bytes.HasPrefix(line, []byte(ssh199Prefix)) {
return &Protocol{
@@ -43,9 +47,9 @@ func detectSSH(dir Direction, data []byte) *Protocol {
Patch: -1,
Extra: string(line[len(ssh20Prefix):]),
},
}
}, confidence + 0.75
}
}
return nil
return nil, 0
}
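Review bot: The port bonus in detectSSH only tests `dstPort`, while the new `srcPort` parameter is never read in the visible lines, so a banner sent by a server on port 22 (source port 22, ephemeral destination port) gets no bonus even though the detector is registered for `Both` directions. Either test both ports, e.g. `if isSSHPort(srcPort) || isSSHPort(dstPort) { confidence = 0.1 }` with a small new helper holding 22/2200/2222, or select the server-side port from `dir` if Direction identifies it, which is not visible here. The literal `.1` would also read better as `0.1`, matching `0.75`. Separately, the SSH-1.99 branch still slices `Extra` with `len(ssh20Prefix)`; if `ssh199Prefix` is longer, as the names suggest, `Extra` keeps a stray leading character and `len(ssh199Prefix)` is probably what was meant. The loop between the hunks is not shown, so these points rest on the visible lines only.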