go/dpi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Docfix: cleanup

Browse Source
This commit is contained in:
maze
2025-10-09 17:58:40 +02:00
parent 97f3adbb31
commit 52f576d025
5 changed files with 49 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cmd/dpi-protocol-probe/main.go
View File

@@ -1,3 +1,4 @@
// Command dpi-protocol-probe for probing network server protocols.
package main package main
import ( import (

20
protocol/detect/dns/detect.go
View File

@@ -1,3 +1,12 @@
// Package dns implements DNS protocol detection.
//
// This package doesn't expose any public functions, but registers itself for use in protocol detection.
//
// # How to use this package
//
// Import this package into your project in order to enable DNS protocol detection:
//
// import _ "git.maze.io/go/dpi/protocol/detect/dns" // Register DNS protocol detection
package dns package dns
import ( import (
@@ -11,8 +20,8 @@ import (
"git.maze.io/go/dpi/protocol" "git.maze.io/go/dpi/protocol"
) )
// Name is the DNS protocol name. // protocolName is the DNS protocol name.
const Name = "dns" const protocolName = "dns"
var ( var (
classTypeScoreUnknown = -.15 classTypeScoreUnknown = -.15
@@ -47,10 +56,11 @@ var (
func init() { func init() {
// Every DNS packet (query or answer) has a 12-byte header. // Every DNS packet (query or answer) has a 12-byte header.
log.Println("register DetectDNS") log.Println("register DetectDNS")
protocol.Register(protocol.Both, "????????????", DetectDNS) protocol.Register(protocol.Both, "????????????", detectDNS)
} }
func DetectDNS(dir protocol.Direction, data []byte, srcPort, dstPort int) (proto *protocol.Protocol, confidence float64) { // detectDNS can detect DNS queries and answersr from the provided data.
func detectDNS(dir protocol.Direction, data []byte, srcPort, dstPort int) (proto *protocol.Protocol, confidence float64) {
log.Printf("detect dns: %q", hex.EncodeToString(data)) log.Printf("detect dns: %q", hex.EncodeToString(data))
// Parsing using miekg/dns // Parsing using miekg/dns
@@ -146,6 +156,6 @@ func DetectDNS(dir protocol.Direction, data []byte, srcPort, dstPort int) (proto
// to exfiltrate data using malicious queries, etc. // to exfiltrate data using malicious queries, etc.
return &protocol.Protocol{ return &protocol.Protocol{
Name: Name, Name: protocolName,
}, confidence }, confidence
} }

16
protocol/detect/dns/detect_test.go
View File

@@ -72,8 +72,8 @@ func TestDetectDNS(t *testing.T) {
return return
} }
t.Logf("detected %s confidence %g%%", p.Name, c*100) t.Logf("detected %s confidence %g%%", p.Name, c*100)
if p.Name != Name { if p.Name != protocolName {
t.Errorf("expected %q protocol, got %q", Name, p.Name) t.Errorf("expected %q protocol, got %q", protocolName, p.Name)
} }
}) })
@@ -84,8 +84,8 @@ func TestDetectDNS(t *testing.T) {
return return
} }
t.Logf("detected %s confidence %g%%", p.Name, c*100) t.Logf("detected %s confidence %g%%", p.Name, c*100)
if p.Name != Name { if p.Name != protocolName {
t.Errorf("expected %q protocol, got %q", Name, p.Name) t.Errorf("expected %q protocol, got %q", protocolName, p.Name)
} }
}) })
@@ -96,8 +96,8 @@ func TestDetectDNS(t *testing.T) {
return return
} }
t.Logf("detected %s confidence %g%%", p.Name, c*100) t.Logf("detected %s confidence %g%%", p.Name, c*100)
if p.Name != Name { if p.Name != protocolName {
t.Errorf("expected %q protocol, got %q", Name, p.Name) t.Errorf("expected %q protocol, got %q", protocolName, p.Name)
} }
}) })
@@ -108,8 +108,8 @@ func TestDetectDNS(t *testing.T) {
return return
} }
t.Logf("detected %s confidence %g%%", p.Name, c*100) t.Logf("detected %s confidence %g%%", p.Name, c*100)
if p.Name != Name { if p.Name != protocolName {
t.Errorf("expected %q protocol, got %q", Name, p.Name) t.Errorf("expected %q protocol, got %q", protocolName, p.Name)
} }
}) })
} }

10
protocol/match.go
View File

@@ -2,12 +2,12 @@ package protocol
// Match the input against the magic string pattern. // Match the input against the magic string pattern.
// //
// '?' matches any single character // - '?' matches any single character
// '*' matches zero or more characters // - '*' matches zero or more characters
// '\' escapes special characters ('?', '*', '\') // - '\' escapes special characters ('?', '*', '\')
// All other characters must match exactly // - all other characters must match exactly
// //
// Returns true if all magic bytes are matched, even if input has extra bytes. // Returns true if all magic bytes are matched, even if the input has extra bytes.
func Match(magic string, input []byte) bool { func Match(magic string, input []byte) bool {
if len(magic) == 0 { if len(magic) == 0 {
return true return true

20
protocol/match_example_test.go Normal file
View File

@@ -0,0 +1,20 @@
package protocol_test
import (
"fmt"
"git.maze.io/go/dpi/protocol"
)
func ExampleMatch() {
fmt.Println(protocol.Match("t?s?", []byte("test")))
fmt.Println(protocol.Match("t?s?", []byte("test with more data")))
fmt.Println(protocol.Match("t?s?", []byte("text with more data")))
fmt.Println(protocol.Match("select * from user", []byte("select an apple from user")))
fmt.Println(protocol.Match("select * from user", []byte("select an apple from the user")))
// Output: true
// true
// false
// true
// false
}