1
0
mirror of https://github.com/moparisthebest/sslh synced 2024-11-28 12:02:22 -05:00

Introduce the probe return codes.

This commit is contained in:
Ondřej Kuzník 2013-09-23 23:30:33 +01:00 committed by Yves Rutschle
parent c5cd91d92c
commit c84a6af847
2 changed files with 21 additions and 11 deletions

26
probe.c
View File

@ -125,10 +125,10 @@ void hexdump(const char *mem, unsigned int len)
/* Is the buffer the beginning of an SSH connection? */ /* Is the buffer the beginning of an SSH connection? */
static int is_ssh_protocol(const char *p, int len, struct proto *proto) static int is_ssh_protocol(const char *p, int len, struct proto *proto)
{ {
if (len >= 4 && !strncmp(p, "SSH-", 4)) { if (len < 4)
return 1; return PROBE_NEXT;
}
return 0; return !strncmp(p, "SSH-", 4);
} }
/* Is the buffer the beginning of an OpenVPN connection? /* Is the buffer the beginning of an OpenVPN connection?
@ -146,7 +146,7 @@ static int is_openvpn_protocol (const char*p,int len, struct proto *proto)
int packet_len; int packet_len;
if (len < 2) if (len < 2)
return 0; return PROBE_NEXT;
packet_len = ntohs(*(uint16_t*)p); packet_len = ntohs(*(uint16_t*)p);
return packet_len == len - 2; return packet_len == len - 2;
@ -158,7 +158,7 @@ static int is_openvpn_protocol (const char*p,int len, struct proto *proto)
static int is_tinc_protocol( const char *p, int len, struct proto *proto) static int is_tinc_protocol( const char *p, int len, struct proto *proto)
{ {
if (len < 2) if (len < 2)
return 0; return PROBE_NEXT;
return !strncmp(p, "0 ", 2); return !strncmp(p, "0 ", 2);
} }
@ -169,13 +169,16 @@ static int is_tinc_protocol( const char *p, int len, struct proto *proto)
* */ * */
static int is_xmpp_protocol( const char *p, int len, struct proto *proto) static int is_xmpp_protocol( const char *p, int len, struct proto *proto)
{ {
if (len < 6)
return PROBE_NEXT;
return memmem(p, len, "jabber", 6) ? 1 : 0; return memmem(p, len, "jabber", 6) ? 1 : 0;
} }
static int probe_http_method(const char *p, int len, const char *opt) static int probe_http_method(const char *p, int len, const char *opt)
{ {
if (len < strlen(opt)) if (len < strlen(opt))
return 0; return PROBE_NEXT;
return !strncmp(p, opt, len); return !strncmp(p, opt, len);
} }
@ -183,11 +186,12 @@ static int probe_http_method(const char *p, int len, const char *opt)
/* Is the buffer the beginning of an HTTP connection? */ /* Is the buffer the beginning of an HTTP connection? */
static int is_http_protocol(const char *p, int len, struct proto *proto) static int is_http_protocol(const char *p, int len, struct proto *proto)
{ {
int res;
/* If it's got HTTP in the request (HTTP/1.1) then it's HTTP */ /* If it's got HTTP in the request (HTTP/1.1) then it's HTTP */
if (memmem(p, len, "HTTP", 4)) if (memmem(p, len, "HTTP", 4))
return 1; return PROBE_MATCH;
#define PROBE_HTTP_METHOD(opt) if (probe_http_method(p, len, opt)) return 1 #define PROBE_HTTP_METHOD(opt) if ((res = probe_http_method(p, len, opt)) != PROBE_NEXT) return res
/* Otherwise it could be HTTP/1.0 without version: check if it's got an /* Otherwise it could be HTTP/1.0 without version: check if it's got an
* HTTP method (RFC2616 5.1.1) */ * HTTP method (RFC2616 5.1.1) */
@ -202,13 +206,13 @@ static int is_http_protocol(const char *p, int len, struct proto *proto)
#undef PROBE_HTTP_METHOD #undef PROBE_HTTP_METHOD
return 0; return PROBE_NEXT;
} }
static int is_tls_protocol(const char *p, int len, struct proto *proto) static int is_tls_protocol(const char *p, int len, struct proto *proto)
{ {
if (len < 3) if (len < 3)
return 0; return PROBE_NEXT;
/* TLS packet starts with a record "Hello" (0x16), followed by version /* TLS packet starts with a record "Hello" (0x16), followed by version
* (0x03 0x00-0x03) (RFC6101 A.1) * (0x03 0x00-0x03) (RFC6101 A.1)

View File

@ -5,6 +5,12 @@
#include "common.h" #include "common.h"
typedef enum {
PROBE_NEXT,
PROBE_MATCH,
PROBE_AGAIN,
} probe_result;
struct proto; struct proto;
typedef int T_PROBE(const char*, int, struct proto*); typedef int T_PROBE(const char*, int, struct proto*);