tcp

Documentation

Index

• type FETAnalyzer
  • func (a *FETAnalyzer) Limit() int
  • func (a *FETAnalyzer) Name() string
  • func (a *FETAnalyzer) NewTCP(info analyzer.TCPInfo, logger analyzer.Logger) analyzer.TCPStream
• type HTTPAnalyzer
  • func (a *HTTPAnalyzer) Limit() int
  • func (a *HTTPAnalyzer) Name() string
  • func (a *HTTPAnalyzer) NewTCP(info analyzer.TCPInfo, logger analyzer.Logger) analyzer.TCPStream
• type SSHAnalyzer
  • func (a *SSHAnalyzer) Limit() int
  • func (a *SSHAnalyzer) Name() string
  • func (a *SSHAnalyzer) NewTCP(info analyzer.TCPInfo, logger analyzer.Logger) analyzer.TCPStream
• type TLSAnalyzer
  • func (a *TLSAnalyzer) Limit() int
  • func (a *TLSAnalyzer) Name() string
  • func (a *TLSAnalyzer) NewTCP(info analyzer.TCPInfo, logger analyzer.Logger) analyzer.TCPStream
• type TrojanAnalyzer
  • func (a *TrojanAnalyzer) Limit() int
  • func (a *TrojanAnalyzer) Name() string
  • func (a *TrojanAnalyzer) NewTCP(info analyzer.TCPInfo, logger analyzer.Logger) analyzer.TCPStream

Types

type FETAnalyzer

type FETAnalyzer struct{}

FETAnalyzer stands for "Fully Encrypted Traffic" analyzer. It implements an algorithm to detect fully encrypted proxy protocols such as Shadowsocks, mentioned in the following paper: https://gfw.report/publications/usenixsecurity23/data/paper/paper.pdf

func (*FETAnalyzer) Limit

func (a *FETAnalyzer) Limit() int

func (*FETAnalyzer) Name

func (a *FETAnalyzer) Name() string

func (*FETAnalyzer) NewTCP

func (a *FETAnalyzer) NewTCP(info analyzer.TCPInfo, logger analyzer.Logger) analyzer.TCPStream

type HTTPAnalyzer

type HTTPAnalyzer struct{}

func (*HTTPAnalyzer) Limit

func (a *HTTPAnalyzer) Limit() int

func (*HTTPAnalyzer) Name

func (a *HTTPAnalyzer) Name() string

func (*HTTPAnalyzer) NewTCP

func (a *HTTPAnalyzer) NewTCP(info analyzer.TCPInfo, logger analyzer.Logger) analyzer.TCPStream

type SSHAnalyzer

type SSHAnalyzer struct{}

func (*SSHAnalyzer) Limit

func (a *SSHAnalyzer) Limit() int

func (*SSHAnalyzer) Name

func (a *SSHAnalyzer) Name() string

func (*SSHAnalyzer) NewTCP

func (a *SSHAnalyzer) NewTCP(info analyzer.TCPInfo, logger analyzer.Logger) analyzer.TCPStream

type TLSAnalyzer

type TLSAnalyzer struct{}

func (*TLSAnalyzer) Limit

func (a *TLSAnalyzer) Limit() int

func (*TLSAnalyzer) Name

func (a *TLSAnalyzer) Name() string

func (*TLSAnalyzer) NewTCP

func (a *TLSAnalyzer) NewTCP(info analyzer.TCPInfo, logger analyzer.Logger) analyzer.TCPStream

type TrojanAnalyzer

type TrojanAnalyzer struct{}

TrojanAnalyzer uses a very simple packet length based check to determine if a TLS connection is actually the Trojan proxy protocol. The algorithm is from the following project, with small modifications: https://github.com/XTLS/Trojan-killer Warning: Experimental only. This method is known to have significant false positives and false negatives.

func (*TrojanAnalyzer) Limit

func (a *TrojanAnalyzer) Limit() int

func (*TrojanAnalyzer) Name

func (a *TrojanAnalyzer) Name() string

func (*TrojanAnalyzer) NewTCP

func (a *TrojanAnalyzer) NewTCP(info analyzer.TCPInfo, logger analyzer.Logger) analyzer.TCPStream