Docfix: cleanup
This commit is contained in:
@@ -1,3 +1,12 @@
|
||||
// Package dns implements DNS protocol detection.
|
||||
//
|
||||
// This package doesn't expose any public functions, but registers itself for use in protocol detection.
|
||||
//
|
||||
// # How to use this package
|
||||
//
|
||||
// Import this package into your project in order to enable DNS protocol detection:
|
||||
//
|
||||
// import _ "git.maze.io/go/dpi/protocol/detect/dns" // Register DNS protocol detection
|
||||
package dns
|
||||
|
||||
import (
|
||||
@@ -11,8 +20,8 @@ import (
|
||||
"git.maze.io/go/dpi/protocol"
|
||||
)
|
||||
|
||||
// Name is the DNS protocol name.
|
||||
const Name = "dns"
|
||||
// protocolName is the DNS protocol name.
|
||||
const protocolName = "dns"
|
||||
|
||||
var (
|
||||
classTypeScoreUnknown = -.15
|
||||
@@ -47,10 +56,11 @@ var (
|
||||
func init() {
|
||||
// Every DNS packet (query or answer) has a 12-byte header.
|
||||
log.Println("register DetectDNS")
|
||||
protocol.Register(protocol.Both, "????????????", DetectDNS)
|
||||
protocol.Register(protocol.Both, "????????????", detectDNS)
|
||||
}
|
||||
|
||||
func DetectDNS(dir protocol.Direction, data []byte, srcPort, dstPort int) (proto *protocol.Protocol, confidence float64) {
|
||||
// detectDNS can detect DNS queries and answersr from the provided data.
|
||||
func detectDNS(dir protocol.Direction, data []byte, srcPort, dstPort int) (proto *protocol.Protocol, confidence float64) {
|
||||
log.Printf("detect dns: %q", hex.EncodeToString(data))
|
||||
|
||||
// Parsing using miekg/dns
|
||||
@@ -146,6 +156,6 @@ func DetectDNS(dir protocol.Direction, data []byte, srcPort, dstPort int) (proto
|
||||
// to exfiltrate data using malicious queries, etc.
|
||||
|
||||
return &protocol.Protocol{
|
||||
Name: Name,
|
||||
Name: protocolName,
|
||||
}, confidence
|
||||
}
|
||||
|
||||
@@ -72,8 +72,8 @@ func TestDetectDNS(t *testing.T) {
|
||||
return
|
||||
}
|
||||
t.Logf("detected %s confidence %g%%", p.Name, c*100)
|
||||
if p.Name != Name {
|
||||
t.Errorf("expected %q protocol, got %q", Name, p.Name)
|
||||
if p.Name != protocolName {
|
||||
t.Errorf("expected %q protocol, got %q", protocolName, p.Name)
|
||||
}
|
||||
})
|
||||
|
||||
@@ -84,8 +84,8 @@ func TestDetectDNS(t *testing.T) {
|
||||
return
|
||||
}
|
||||
t.Logf("detected %s confidence %g%%", p.Name, c*100)
|
||||
if p.Name != Name {
|
||||
t.Errorf("expected %q protocol, got %q", Name, p.Name)
|
||||
if p.Name != protocolName {
|
||||
t.Errorf("expected %q protocol, got %q", protocolName, p.Name)
|
||||
}
|
||||
})
|
||||
|
||||
@@ -96,8 +96,8 @@ func TestDetectDNS(t *testing.T) {
|
||||
return
|
||||
}
|
||||
t.Logf("detected %s confidence %g%%", p.Name, c*100)
|
||||
if p.Name != Name {
|
||||
t.Errorf("expected %q protocol, got %q", Name, p.Name)
|
||||
if p.Name != protocolName {
|
||||
t.Errorf("expected %q protocol, got %q", protocolName, p.Name)
|
||||
}
|
||||
})
|
||||
|
||||
@@ -108,8 +108,8 @@ func TestDetectDNS(t *testing.T) {
|
||||
return
|
||||
}
|
||||
t.Logf("detected %s confidence %g%%", p.Name, c*100)
|
||||
if p.Name != Name {
|
||||
t.Errorf("expected %q protocol, got %q", Name, p.Name)
|
||||
if p.Name != protocolName {
|
||||
t.Errorf("expected %q protocol, got %q", protocolName, p.Name)
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
@@ -2,12 +2,12 @@ package protocol
|
||||
|
||||
// Match the input against the magic string pattern.
|
||||
//
|
||||
// '?' matches any single character
|
||||
// '*' matches zero or more characters
|
||||
// '\' escapes special characters ('?', '*', '\')
|
||||
// All other characters must match exactly
|
||||
// - '?' matches any single character
|
||||
// - '*' matches zero or more characters
|
||||
// - '\' escapes special characters ('?', '*', '\')
|
||||
// - all other characters must match exactly
|
||||
//
|
||||
// Returns true if all magic bytes are matched, even if input has extra bytes.
|
||||
// Returns true if all magic bytes are matched, even if the input has extra bytes.
|
||||
func Match(magic string, input []byte) bool {
|
||||
if len(magic) == 0 {
|
||||
return true
|
||||
|
||||
20
protocol/match_example_test.go
Normal file
20
protocol/match_example_test.go
Normal file
@@ -0,0 +1,20 @@
|
||||
package protocol_test
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"git.maze.io/go/dpi/protocol"
|
||||
)
|
||||
|
||||
func ExampleMatch() {
|
||||
fmt.Println(protocol.Match("t?s?", []byte("test")))
|
||||
fmt.Println(protocol.Match("t?s?", []byte("test with more data")))
|
||||
fmt.Println(protocol.Match("t?s?", []byte("text with more data")))
|
||||
fmt.Println(protocol.Match("select * from user", []byte("select an apple from user")))
|
||||
fmt.Println(protocol.Match("select * from user", []byte("select an apple from the user")))
|
||||
// Output: true
|
||||
// true
|
||||
// false
|
||||
// true
|
||||
// false
|
||||
}
|
||||
Reference in New Issue
Block a user