Refactored detection logic to include ports and a confidence score

2025-10-09 11:54:43 +02:00
parent 2081d684ed
commit 2ab59437fa
17 changed files with 795 additions and 129 deletions


@@ -17,12 +17,12 @@ func registerTLS() {
Register(Both, "\x16\x03\x03", detectTLS) // TLSv1.2
}
func detectTLS(dir Direction, data []byte) *Protocol {
func detectTLS(dir Direction, data []byte, _, _ int) (proto *Protocol, confidence float64) {
stream := cryptobyte.String(data)
// A TLS packet always has a content type (1 byte), version (2 bytes) and length (2 bytes).
if len(stream) < 5 {
return nil
return nil, 0
}
// Check for TLS Handshake (type 22)
@@ -32,15 +32,18 @@ func detectTLS(dir Direction, data []byte) *Protocol {
Length uint32
}
if !stream.ReadUint8(&header.Type) || header.Type != 0x16 {
return nil
return nil, 0
}
if !stream.ReadUint16(&header.Version) {
return nil
return nil, 0
}
if !stream.ReadUint24(&header.Length) {
return nil
return nil, 0
}
// Initial confidence
confidence = 0.5
// Detected SSL/TLS version
var version dpi.TLSVersion
@@ -48,6 +51,7 @@ func detectTLS(dir Direction, data []byte) *Protocol {
if version == 0 {
if hello, err := dpi.DecodeTLSClientHelloHandshake(data); err == nil {
version = hello.Version
confidence += .45
}
}
@@ -55,6 +59,7 @@ func detectTLS(dir Direction, data []byte) *Protocol {
if version == 0 {
if hello, err := dpi.DecodeTLSServerHello(data); err == nil {
version = hello.Version
confidence += .45
}
}
@@ -68,6 +73,7 @@ func detectTLS(dir Direction, data []byte) *Protocol {
)
if stream.ReadUint24(&length) && stream.ReadUint16(&versionWord) {
version = dpi.TLSVersion(versionWord)
confidence += .25
}
}
}
@@ -82,17 +88,17 @@ func detectTLS(dir Direction, data []byte) *Protocol {
return &Protocol{
Name: ProtocolSSL,
Version: Version{Major: 3, Minor: 0, Patch: -1},
}
}, confidence
} else if version >= dpi.VersionTLS10 && version <= dpi.VersionTLS13 {
return &Protocol{
Name: ProtocolTLS,
Version: Version{Major: 1, Minor: int(uint8(version) - 1), Patch: -1},
}
}, confidence
} else if version >= dpi.VersionTLS13Draft && version <= dpi.VersionTLS13Draft23 {
return &Protocol{
Name: ProtocolTLS,
Version: Version{Major: 1, Minor: 3, Patch: -1},
}
}, confidence
}
return nil
return nil, 0
}
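Review bot: The base score `confidence = 0.5` is granted as soon as the first byte is 0x16 and the header reads succeed; in the lines shown, `header.Version` and `header.Length` are read but never compared with anything, and the fallback branch then adds `.25` for a `versionWord` taken from the next bytes of the stream without using the `length` it just read. A non-TLS payload that merely starts with 0x16 can therefore be reported as TLS at 0.75 when those two bytes fall inside the accepted version range, which matters if callers rank detectors or make policy decisions on this score. The comment at the top gives the record length as 2 bytes while it is read with `ReadUint24`, so the handshake-type byte lands in `header.Length` instead of being checked. I would gate the base score on a plausible record version, e.g. `if header.Version>>8 != 3 { return nil, 0 }`, and add a doc comment on detectTLS stating the score's range and what each increment stands for. The lines between the hunks are not visible here, so part of this validation may already exist.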