/*
 * svc_ssh.c
 * SSH honeypot handler — banner + auth attempt capture + tarpit.
 */
#include "sdkconfig.h"

#ifdef CONFIG_MODULE_HONEYPOT

#include "svc_common.h"

void handle_ssh_client(int client_fd, const char *client_ip,
                       uint16_t client_port, hp_svc_desc_t *svc)
{
    char banner[128];
    hp_config_get_banner("ssh", banner, sizeof(banner));
    send(client_fd, banner, strlen(banner), 0);

    svc->connections++;
    event_send("SVC_CONNECT", "LOW", "00:00:00:00:00:00",
        client_ip, client_port, 22, "service=ssh", NULL);

    /* Read client version string / auth attempt */
    char buf[MAX_CLIENT_BUF];
    int n = recv(client_fd, buf, sizeof(buf) - 1, 0);
    if (n > 0) {
        buf[n] = '\0';
        while (n > 0 && (buf[n-1] == '\r' || buf[n-1] == '\n'))
            buf[--n] = '\0';

        svc->auth_attempts++;
        char detail[192];
        snprintf(detail, sizeof(detail), "service=ssh payload='%.128s'", buf);
        event_send("SVC_AUTH_ATTEMPT", "HIGH", "00:00:00:00:00:00",
            client_ip, client_port, 22, detail, NULL);
    }

    int tarpit = hp_config_get_threshold("tarpit_ms");
    if (tarpit > 0)
        vTaskDelay(pdMS_TO_TICKS(tarpit));
}

#endif