Conversation
|
Actually, do not merge this - I'll make a new PR after the plugins feature is implemented. However, do feel free to review it in the meanwhile. |
CapacitorSet
force-pushed
the
config-ports
branch
2 times, most recently
from
855710e to
155d97f
Compare
This is a minor redesign of the Honeytrap model, where the focus of the configuration moves from services (a list of services each with their ports) to ports (a list of ports with their services, and a list of port-agnostic services). As a consequence of this redesign, it is now possible to define a priority model for services on the same port. Simply put, services that come first take a higher priority (i.e. are tested first for compatibility with the connection). An example application for this is running TR-069 and HTTP on the same port: TR-069 is HTTP-based but more specific, so it should be tested first, with HTTP being a fallback.
CapacitorSet
force-pushed
the
config-ports
branch
from
155d97f to
9d4bdbf
Compare
|
Nevermind, I rebased it successfully onto master, and it seems that it doesn't conflict with the plugins branch so it should work correctly with the feature. This PR is ready for merging, as far as I'm concerned. |
server/honeytrap.go
Outdated
| } else if err != nil { | ||
| log.Errorf(color.RedString("Could not peek bytes: %s", err.Error())) | ||
| return nil | ||
| return nil, nil |
There was a problem hiding this comment.
shouldn't it return an error or return the original conn?
server/honeytrap.go
Outdated
| n = _n // avoid silly "variable not used" warning | ||
| if err == io.EOF { | ||
| return nil | ||
| return nil, nil |
There was a problem hiding this comment.
shouldn't it return an error or return the original conn?
server/honeytrap.go
Outdated
| } | ||
| // No service can handle the connection. Let the caller deal with it. | ||
| return nil | ||
| return nil, nil |
There was a problem hiding this comment.
shouldn't it return the original conn?
There was a problem hiding this comment.
What would be the point in returning the original connection?
|
Should we give warnings for ports that don't have services configured? |
CapacitorSet
force-pushed
the
config-ports
branch
from
ec1a486 to
00cab0b
Compare
CapacitorSet
force-pushed
the
config-ports
branch
from
00cab0b to
f60178f
Compare
|
I added an error return value for findService, and a warning for empty ports. |
2 participants
Fixes #219: the configuration is based around ports and not around services, as discussed in chat. Also fixes #215.
Commit e86fd10 has a more accurate description: