diff --git a/cmd/dpi-protocol-probe/main.go b/cmd/dpi-protocol-probe/main.go
index f7feaaf..65c35a5 100644
--- a/cmd/dpi-protocol-probe/main.go
+++ b/cmd/dpi-protocol-probe/main.go
@@ -1,3 +1,4 @@
+// Command dpi-protocol-probe for probing network server protocols.
 package main
 
 import (
diff --git a/protocol/detect/dns/detect.go b/protocol/detect/dns/detect.go
index 23bd96e..2c2ee8c 100644
--- a/protocol/detect/dns/detect.go
+++ b/protocol/detect/dns/detect.go
@@ -1,3 +1,12 @@
+// Package dns implements DNS protocol detection.
+//
+// This package doesn't expose any public functions, but registers itself for use in protocol detection.
+//
+// # How to use this package
+//
+// Import this package into your project in order to enable DNS protocol detection:
+//
+// import _ "git.maze.io/go/dpi/protocol/detect/dns" // Register DNS protocol detection
 package dns
 
 import (
@@ -11,8 +20,8 @@ import (
 "git.maze.io/go/dpi/protocol"
 )
 
-// Name is the DNS protocol name.
-const Name = "dns"
+// protocolName is the DNS protocol name.
+const protocolName = "dns"
 
 var (
 classTypeScoreUnknown = -.15
@@ -47,10 +56,11 @@ var (
 func init() {
 // Every DNS packet (query or answer) has a 12-byte header.
 log.Println("register DetectDNS")
- protocol.Register(protocol.Both, "????????????", DetectDNS)
+ protocol.Register(protocol.Both, "????????????", detectDNS)
 }
 
-func DetectDNS(dir protocol.Direction, data []byte, srcPort, dstPort int) (proto *protocol.Protocol, confidence float64) {
+// detectDNS can detect DNS queries and answersr from the provided data.
+func detectDNS(dir protocol.Direction, data []byte, srcPort, dstPort int) (proto *protocol.Protocol, confidence float64) {
 log.Printf("detect dns: %q", hex.EncodeToString(data))
 
 // Parsing using miekg/dns
@@ -146,6 +156,6 @@ func DetectDNS(dir protocol.Direction, data []byte, srcPort, dstPort int) (proto
 // to exfiltrate data using malicious queries, etc.
 
 return &protocol.Protocol{
- Name: Name,
+ Name: protocolName,
 }, confidence
 }
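Review bot: The unchanged first statement of detectDNS, `log.Printf("detect dns: %q", hex.EncodeToString(data))`, writes a hex dump of every inspected payload to the process-wide logger, so any application that blank-imports this package gets DNS query contents in its logs and one log line per call. Since this commit turns the package into an import-for-side-effect library, I would drop that line or reduce it to `log.Printf("detect dns: %d bytes", len(data))` behind a debug switch, and likewise revisit `log.Println("register DetectDNS")` in init, which still names the old exported function. The new doc comment also has a typo; `// detectDNS detects DNS queries and answers in the provided data.` reads better. detectDNS's body continues outside this hunk, so whether later code logs more is not visible here.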
diff --git a/protocol/detect/dns/detect_test.go b/protocol/detect/dns/detect_test.go
index f0a1177..88ff931 100644
--- a/protocol/detect/dns/detect_test.go
+++ b/protocol/detect/dns/detect_test.go
@@ -72,8 +72,8 @@ func TestDetectDNS(t *testing.T) {
 return
 }
 t.Logf("detected %s confidence %g%%", p.Name, c*100)
- if p.Name != Name {
- t.Errorf("expected %q protocol, got %q", Name, p.Name)
+ if p.Name != protocolName {
+ t.Errorf("expected %q protocol, got %q", protocolName, p.Name)
 }
 })
 
@@ -84,8 +84,8 @@ func TestDetectDNS(t *testing.T) {
 return
 }
 t.Logf("detected %s confidence %g%%", p.Name, c*100)
- if p.Name != Name {
- t.Errorf("expected %q protocol, got %q", Name, p.Name)
+ if p.Name != protocolName {
+ t.Errorf("expected %q protocol, got %q", protocolName, p.Name)
 }
 })
 
@@ -96,8 +96,8 @@ func TestDetectDNS(t *testing.T) {
 return
 }
 t.Logf("detected %s confidence %g%%", p.Name, c*100)
- if p.Name != Name {
- t.Errorf("expected %q protocol, got %q", Name, p.Name)
+ if p.Name != protocolName {
+ t.Errorf("expected %q protocol, got %q", protocolName, p.Name)
 }
 })
 
@@ -108,8 +108,8 @@ func TestDetectDNS(t *testing.T) {
 return
 }
 t.Logf("detected %s confidence %g%%", p.Name, c*100)
- if p.Name != Name {
- t.Errorf("expected %q protocol, got %q", Name, p.Name)
+ if p.Name != protocolName {
+ t.Errorf("expected %q protocol, got %q", protocolName, p.Name)
 }
 })
 }
diff --git a/protocol/match.go b/protocol/match.go
index 9d64e4e..3ba1a1a 100644
--- a/protocol/match.go
+++ b/protocol/match.go
@@ -2,12 +2,12 @@ package protocol
 
 // Match the input against the magic string pattern.
 //
-// '?' matches any single character
-// '*' matches zero or more characters
-// '\' escapes special characters ('?', '*', '\')
-// All other characters must match exactly
+// - '?' matches any single character
+// - '*' matches zero or more characters
+// - '\' escapes special characters ('?', '*', '\')
+// - all other characters must match exactly
 //
-// Returns true if all magic bytes are matched, even if input has extra bytes.
+// Returns true if all magic bytes are matched, even if the input has extra bytes.
 func Match(magic string, input []byte) bool {
 if len(magic) == 0 {
 return true
diff --git a/protocol/match_example_test.go b/protocol/match_example_test.go
new file mode 100644
index 0000000..44b9a44
--- /dev/null
+++ b/protocol/match_example_test.go
@@ -0,0 +1,20 @@
+package protocol_test
+
+import (
+ "fmt"
+
+ "git.maze.io/go/dpi/protocol"
+)
+
+func ExampleMatch() {
+ fmt.Println(protocol.Match("t?s?", []byte("test")))
+ fmt.Println(protocol.Match("t?s?", []byte("test with more data")))
+ fmt.Println(protocol.Match("t?s?", []byte("text with more data")))
+ fmt.Println(protocol.Match("select * from user", []byte("select an apple from user")))
+ fmt.Println(protocol.Match("select * from user", []byte("select an apple from the user")))
+ // Output: true
+ // true
+ // false
+ // true
+ // false
+}
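Review bot: The rewritten doc comment for Match lists the wildcard rules but still omits the empty-pattern case visible directly below it, where `if len(magic) == 0 { return true }` makes an empty magic match any input. For a detector registry that is worth stating, because a detector registered with an empty magic would presumably be offered every packet. I would add `// An empty magic matches any input.` after the list. Match's body continues past the end of this hunk.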
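Review bot: ExampleMatch exercises `?` and `*` but not the `\` escape, which is the rule a signature author is most likely to get wrong, since an unescaped `?` in a magic string silently becomes a wildcard and widens the match. Consider adding `fmt.Println(protocol.Match("t\\?st", []byte("t?st")))` and `fmt.Println(protocol.Match("t\\?st", []byte("test")))`. Going by the doc comment on Match these should print true and false, but confirm against the implementation before pinning the `// Output:` lines.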