Documentation ¶
Constants ¶
const (
	ASCIIByteCR uint8 = 0x0D
	ASCIIByteLF uint8 = 0x0A

	RDPCookieBytesMax = uint16(X224CrqLengthMax) - (X224CrqBytesTotal - 1)
	RDPCookieBytesMin = uint16(len(RDPCookiePrefix)) + 1 + 2 // 2 bytes for CR LF and at least 1 character
	RDPCookieBytesStart uint16 = 0
	RDPCookieHashBytesMax = RDPCookieBytesMax - (RDPCookieBytesMin - 1)
	RDPCookiePrefix = "Cookie: mstshash="

	RDPCorrInfoBytesTotal uint16 = 36
	RDPCorrInfoType uint8 = 0x06
	RDPCorrInfoFlags uint8 = 0x00
	RDPCorrInfoLength = RDPCorrInfoBytesTotal
	RDPCorrInfoIdentityF4 uint8 = 0xF4
	RDPCorrInfoReserved uint8 = 0x00

	RDPCustomBytesMax = uint16(X224CrqLengthMax) - (X224CrqBytesTotal - 1)
	RDPCustomBytesMin uint16 = 1 + 2 // 2 bytes for CR LF and at least 1 character
	RDPCustomBytesStart uint16 = 0
	RDPCustomInfoBytesMax = RDPCustomBytesMax - (RDPCustomBytesMin - 1)
	RDPCustomInfoBytesStart uint16 = 0

	RDPNegReqBytesTotal uint16 = 8
	RDPNegReqType uint8 = 0x01
	RDPNegReqFlagAdminMode uint8 = 0x01
	RDPNegReqFlagAuthMode uint8 = 0x02
	RDPNegReqFlagCorrInfo uint8 = 0x08
	RDPNegReqFlagsAll = RDPNegReqFlagAdminMode | RDPNegReqFlagAuthMode | RDPNegReqFlagCorrInfo
	RDPNegReqLength = RDPNegReqBytesTotal
	RDPNegReqProtoStandard uint32 = 0x00000000
	RDPNegReqProtoSSL uint32 = 0x00000001
	RDPNegReqProtoHybrid uint32 = 0x00000002
	RDPNegReqProtoRDSTLS uint32 = 0x00000004
	RDPNegReqProtoHybridEx uint32 = 0x00000008
	RDPNegReqProtoRDSAAD uint32 = 0x00000010
	RDPNegReqProtocolsAll = RDPNegReqProtoStandard | RDPNegReqProtoSSL | RDPNegReqProtoHybrid | RDPNegReqProtoRDSTLS | RDPNegReqProtoHybridEx | RDPNegReqProtoRDSAAD

	RDPTokenBytesMin uint16 = 11
	RDPTokenBytesStart uint16 = 0
	RDPTokenVersion uint8 = 0x03
	RDPTokenReserved uint8 = 0x00
	RDPTokenOptionalCookieBytesMax = uint16(len(RDPTokenOptionalCookiePrefix)) + 10 + 2 + 5 + 4 + 2 + 0
	RDPTokenOptionalCookieBytesMin = uint16(len(RDPTokenOptionalCookiePrefix)) + 1 + 2 + 1 + 4 + 2 + 0
	RDPTokenOptionalCookieBytesStart uint16 = 0
	RDPTokenOptionalCookiePrefix = "Cookie: msts="
	RDPTokenOptionalCookieReserved = "0000"
	RDPTokenOptionalCookieSeparator uint8 = 0x2E

	TPKTHeaderBytesStart uint16 = 0
	TPKTHeaderBytesTotal uint16 = 4
	TPKTHeaderReserved uint8 = 0x00
	TPKTHeaderVersion uint8 = 0x03

	X224CrqBytesStart = TPKTHeaderBytesStart + TPKTHeaderBytesTotal
	X224CrqBytesTotal uint16 = 7
	X224CrqLengthMax uint8 = 254 // 255 is reserved for possible extensions
	X224CrqTypeCredit uint8 = 0xE0 // also known as TPDU code
	X224CrqDstRef uint16 = 0x0000
	X224CrqSrcRef uint16 = 0x0000
	X224CrqClassOptions uint8 = 0x00

	RDPConnReqBytesMax = TPKTHeaderBytesTotal + uint16(X224CrqLengthMax) + 1 // 1 byte for X224Crq.Length
	RDPConnReqBytesMin = TPKTHeaderBytesTotal + X224CrqBytesTotal
)
Constants specific to RDP Connection Request. Packet structure is described in the comments below.
Variables ¶
var (
	RDPCorrInfoBytesOrder = binary.LittleEndian
	RDPNegReqBytesOrder = binary.LittleEndian
	RDPTokenBytesOrder = binary.BigEndian
	TPKTHeaderBytesOrder = binary.BigEndian
	X224CrqBytesOrder = binary.BigEndian
)
Variables specific to RDP Connection Request. Packet structure is described in the comments below.
Functions ¶
This section is empty.
Types ¶
type MatchRDP ¶
type MatchRDP struct {
	CookieHash string `json:"cookie_hash,omitempty"`
	CookieHashRegexp string `json:"cookie_hash_regexp,omitempty"`
	CookieIPs []string `json:"cookie_ips,omitempty"`
	CookiePorts []uint16 `json:"cookie_ports,omitempty"`
	CustomInfo string `json:"custom_info,omitempty"`
	CustomInfoRegexp string `json:"custom_info_regexp,omitempty"`
	// contains filtered or unexported fields
}
MatchRDP is able to match RDP connections.
func (*MatchRDP) CaddyModule ¶
func (m *MatchRDP) CaddyModule() caddy.ModuleInfo
CaddyModule returns the Caddy module information.
func (*MatchRDP) Match ¶
func (m *MatchRDP) Match(cx *layer4.Connection) (bool, error)
Match returns true if the connection looks like RDP.
func (*MatchRDP) Provision ¶
Provision parses m's IP ranges, either from IP or CIDR expressions, and regular expressions.
func (*MatchRDP) UnmarshalCaddyfile ¶
UnmarshalCaddyfile sets up the MatchRDP from Caddyfile tokens. Syntax:
rdp {
	cookie_hash <value>
}
rdp {
	cookie_hash_regexp <value>
}
rdp {
	cookie_ip <ranges...>
	cookie_port <ports...>
}
rdp {
	custom_info <value>
}
rdp {
	custom_info_regexp <value>
}
rdp
Note: according to the protocol documentation, RDP cookies and tokens are optional, i.e. it depends on the client whether they are included in the first packet (RDP Connection Request) or not. Moreover, no valid RDP CR packet may contain cookie_hash ("mstshash") and cookie_ip:cookie_port ("msts") at the same time, so Match will always return false if cookie_hash and either of cookie_ip and cookie_port are set simultaneously. If this matcher has the cookie_hash option but a valid RDP CR packet doesn't contain it, Match will return false. If this matcher has cookie_ip and cookie_port options, or either of them, but a valid RDP CR packet doesn't contain them, Match will return false.
Some RDP clients (e.g. Apache Guacamole) allow arbitrary text to be included in an RDP CR packet instead of the "mstshash" and "msts" cookies for load balancing and/or routing purposes; it is parsed here as custom_info. If this matcher has the custom_info option but a valid RDP CR packet doesn't contain it, Match will return false. If the custom_info option is combined with cookie_hash, cookie_ip or cookie_port, Match will return false as well.
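The packet layout behind these constants and matcher options, as an added example that is not the module's own code: a strict parser for the first packet that validates the TPKT and X.224 headers, then extracts the optional "mstshash" cookie and the requested-protocols mask. The names CR, ParseCR, BuildCR and cookiePrefix are hypothetical, the sample packets are constructed, and the parser assumes the buffer holds exactly one complete Connection Request.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

const cookiePrefix = "Cookie: mstshash=" // RDPCookiePrefix on this page
// CR holds the decoded fields; Hash is "" when the client sent no mstshash cookie.
type CR struct{ Hash string; HasNeg bool; Protos uint32 }

// ParseCR checks the headers against the page's constants (X.224 refs and class
// must be zero), then decodes the optional cookie and negotiation request.
// msts tokens, custom info and correlation info are not decoded here.
func ParseCR(p []byte) (cr CR, err error) {
	if len(p) < 11 || len(p) > 259 { // RDPConnReqBytesMin, RDPConnReqBytesMax
		return cr, errors.New("length outside Connection Request bounds")
	}
	if p[0] != 0x03 || p[1] != 0x00 || int(binary.BigEndian.Uint16(p[2:4])) != len(p) {
		return cr, errors.New("bad TPKT header")
	}
	if int(p[4]) != len(p)-5 || p[5] != 0xE0 || p[6]|p[7]|p[8]|p[9]|p[10] != 0 {
		return cr, errors.New("bad X.224 Connection Request header")
	}
	rest := p[11:]
	if bytes.HasPrefix(rest, []byte(cookiePrefix)) {
		end := bytes.Index(rest, []byte("\r\n")) // ASCIIByteCR, ASCIIByteLF
		if end <= len(cookiePrefix) {            // no CR LF, or an empty hash
			return cr, errors.New("malformed mstshash cookie")
		}
		cr.Hash, rest = string(rest[len(cookiePrefix):end]), rest[end+2:]
	}
	if len(rest) >= 8 && rest[0] == 0x01 && binary.LittleEndian.Uint16(rest[2:4]) == 8 {
		cr.HasNeg, cr.Protos = true, binary.LittleEndian.Uint32(rest[4:8])
	}
	return cr, nil
}

// BuildCR assembles a constructed sample packet: routing text plus a negotiation request.
func BuildCR(routing string, protos uint32) []byte {
	p := append([]byte{0x03, 0, 0, 0, 0, 0xE0, 0, 0, 0, 0, 0}, routing...)
	p = append(p, 0x01, 0, 0x08, 0, byte(protos), byte(protos>>8), byte(protos>>16), byte(protos>>24))
	p[3], p[4] = byte(len(p)), byte(len(p)-5) // sample packets stay under 256 bytes
	return p
}

func main() { fmt.Println(ParseCR(BuildCR("Cookie: mstshash=alice\r\n", 0x03))) }
```
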
type RDPCorrInfo ¶
type RDPCorrInfo struct {
	Type uint8
	Flags uint8
	Length uint16
	Identity [16]uint8
	Reserved [16]uint8
}
func (*RDPCorrInfo) FromBytes ¶
func (i *RDPCorrInfo) FromBytes(src []byte) error
func (*RDPCorrInfo) ToBytes ¶
func (i *RDPCorrInfo) ToBytes() ([]byte, error)
type RDPToken ¶
type TPKTHeader ¶
func (*TPKTHeader) FromBytes ¶
func (h *TPKTHeader) FromBytes(src []byte) error
func (*TPKTHeader) ToBytes ¶
func (h *TPKTHeader) ToBytes() ([]byte, error)