Documentation
Index
- Constants
- Variables
- type MatchWinbox
- type MessageAuth
- func (msg *MessageAuth) DisableRoMON()
- func (msg *MessageAuth) EnableRoMON()
- func (msg *MessageAuth) FromBytes(src []byte) error
- func (msg *MessageAuth) FromChunks(chunks []*MessageChunk) error
- func (msg *MessageAuth) GetPublicKey() ([]byte, uint8)
- func (msg *MessageAuth) GetRoMON() bool
- func (msg *MessageAuth) GetUsername() string
- func (msg *MessageAuth) ToBytes() []byte
- func (msg *MessageAuth) ToChunks() []*MessageChunk
- type MessageChunk
Constants
```go
const (
	MessageAuthBytesMax            = 4 + MessageAuthUsernameBytesMax + 1 + MessageAuthPublicKeyBytesTotal + 1
	MessageAuthBytesMin            = 2 + MessageAuthUsernameBytesMin + 1 + MessageAuthPublicKeyBytesTotal + 1
	MessageAuthPublicKeyBytesTotal = 32
	MessageAuthUsernameBytesMax    = 255 // Assume nobody sets usernames longer than 255 characters
	MessageAuthUsernameBytesMin    = 1
	MessageAuthUsernameRoMONSuffix = "+r"

	MessageChunkBytesMin             = 1
	MessageChunkBytesMax             = 255
	MessageChunkBytesDelimiter uint8 = 0x00
	MessageChunkTypeAuth       uint8 = 0x06
	MessageChunkTypePrev       uint8 = 0xFF

	ModeStandard = "standard"
	ModeRoMON    = "romon"
)
```
Variables
```go
var (
	ErrInvalidMode = errors.New("invalid mode")

	ErrIncorrectSourceBytes = errors.New("incorrect source bytes")
	ErrNotEnoughSourceBytes = errors.New("not enough source bytes")

	MessageAuthUsernameRegexp = regexp.MustCompile("^[0-9A-Za-z](?:[-#.0-9@A-Z_a-z]+[0-9A-Za-z])?$")
)
```
Functions
This section is empty.
Types
type MatchWinbox
```go
type MatchWinbox struct {
	// Modes contains a list of supported Winbox modes to match against incoming auth messages:
	//
	//   - `standard` mode is a default one (it used to be called 'secure' mode in previous versions of Winbox);
	//
	//   - `romon` mode makes the destination router act as an agent so that its neighbour routers
	//     in isolated L2 segments could be reachable by the clients behind the agent.
	//
	// Notes: Each mode shall only be present once in the list. Values in the list are case-insensitive.
	// If the list is empty, MatchWinbox will consider all modes as acceptable.
	Modes []string `json:"modes,omitempty"`

	// Username is a plaintext username value to search for in the incoming connections. In Winbox it is what
	// the user types into the login field. According to the docs, it must start and end with an alphanumeric
	// character, but it can also include "_", ".", "#", "-", and "@" symbols. No maximum username length is
	// specified in the docs, so this matcher applies a reasonable limit of no more than 255 characters. If
	// Username contains at least one character, UsernameRegexp is ignored. If Username contains placeholders,
	// they are evaluated at match.
	Username string `json:"username,omitempty"`

	// UsernameRegexp is a username pattern to match the incoming connections against. This matcher verifies
	// that any username matches MessageAuthUsernameRegexp, so UsernameRegexp must not provide a wider pattern.
	// UsernameRegexp is only checked when Username is empty. If UsernameRegexp contains any placeholders, they
	// are evaluated at provision.
	UsernameRegexp string `json:"username_regexp,omitempty"`
	// contains filtered or unexported fields
}
```
MatchWinbox matches any connections that look like those initiated by Winbox, a graphical tool developed by SIA Mikrotīkls, Latvia, for managing their hardware and software routers. As of v3.41 and v4.0 the tool used an undocumented proprietary protocol. This matcher is based on a number of recent studies describing RouterOS architecture and vulnerabilities, especially the ones published by Margin Research.
func (*MatchWinbox) CaddyModule
func (m *MatchWinbox) CaddyModule() caddy.ModuleInfo
CaddyModule returns the Caddy module information.
func (*MatchWinbox) Match
func (m *MatchWinbox) Match(cx *layer4.Connection) (bool, error)
Match returns true if the connection bytes match the regular expression.
func (*MatchWinbox) Provision
func (m *MatchWinbox) Provision(_ caddy.Context) (err error)
Provision prepares m's internal structures.
func (*MatchWinbox) UnmarshalCaddyfile
func (m *MatchWinbox) UnmarshalCaddyfile(d *caddyfile.Dispenser) error
UnmarshalCaddyfile sets up the MatchWinbox from Caddyfile tokens. Syntax:
```
winbox {
	modes <standard|romon> [<...>]
	username <value>
	username_regexp <pattern>
}
winbox
```
Note: username and username_regexp options are mutually exclusive.
type MessageAuth
MessageAuth is the first message the client sends to the server. It contains a plaintext username, an optional '+r' string concatenated to the username to request the RoMON mode, and a public key.
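The username and mode rules described above, as an added example (not code from this package): it splits a login string into username and mode using the "+r" suffix, applies the 1 to 255 byte bounds and the MessageAuthUsernameRegexp pattern, and checks the mode against a Modes-style list. The helpers classifyLogin and modeAllowed are hypothetical names, and the example assumes the login string has already been extracted from the auth message, since the wire layout is not described on this page.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Values copied from the constants and variables listed on this page.
const (
	usernameBytesMin = 1
	usernameBytesMax = 255
	romonSuffix      = "+r"
)

var usernameRe = regexp.MustCompile("^[0-9A-Za-z](?:[-#.0-9@A-Z_a-z]+[0-9A-Za-z])?$")

// classifyLogin (hypothetical helper) splits the login string carried in an
// auth message into username and mode, then applies the documented bounds.
func classifyLogin(login string) (user, mode string, ok bool) {
	user, mode = login, "standard"
	if strings.HasSuffix(login, romonSuffix) {
		user, mode = strings.TrimSuffix(login, romonSuffix), "romon"
	}
	if len(user) < usernameBytesMin || len(user) > usernameBytesMax {
		return user, mode, false
	}
	return user, mode, usernameRe.MatchString(user)
}

// modeAllowed mirrors the Modes rules: case-insensitive, empty list accepts all.
func modeAllowed(modes []string, mode string) bool {
	for _, m := range modes {
		if strings.EqualFold(m, mode) {
			return true
		}
	}
	return len(modes) == 0
}

func main() {
	// Constructed sample logins, not captured traffic.
	for _, l := range []string{"admin", "admin+r", "ab", "-ops", "noc@site.1+r"} {
		u, m, ok := classifyLogin(l)
		fmt.Printf("%-15q user=%-12q mode=%-8s valid=%-5v romon-only=%v\n", l, u, m, ok, ok && modeAllowed([]string{"RoMON"}, m))
	}
}
```

The pattern as printed accepts a single character or three and more, so a two-character name such as "ab" is classified as invalid.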
func (*MessageAuth) DisableRoMON
func (msg *MessageAuth) DisableRoMON()
func (*MessageAuth) EnableRoMON
func (msg *MessageAuth) EnableRoMON()
func (*MessageAuth) FromBytes
func (msg *MessageAuth) FromBytes(src []byte) error
func (*MessageAuth) FromChunks
func (msg *MessageAuth) FromChunks(chunks []*MessageChunk) error
func (*MessageAuth) GetPublicKey
func (msg *MessageAuth) GetPublicKey() ([]byte, uint8)
func (*MessageAuth) GetRoMON
func (msg *MessageAuth) GetRoMON() bool
func (*MessageAuth) GetUsername
func (msg *MessageAuth) GetUsername() string
func (*MessageAuth) ToBytes
func (msg *MessageAuth) ToBytes() []byte
func (*MessageAuth) ToChunks
func (msg *MessageAuth) ToChunks() []*MessageChunk
type MessageChunk
MessageChunk is a part of a bigger message. It may contain no more than 255 bytes.