Blacklist/whitelist feature #19
Comments
|
This is a feature I also want. However, it is not so simple to implement. The problem is the SYN and ACKs should also be excluded, and these packets come before any packet with the domain name. Also, parsing the domain name at the packet level is problematic, since it can be split over multiple packets, as you are aware. Probably the correct way to implement this is to sniff DNS to find the IP addresses corresponding to white/blacklisted domains, then filter based on the IP address. I may add this feature eventually. Currently I am working on modernizing the |
|
You can set fixed low split value like 1 or 2 to be able to handle the packet without first byte(s). This is a hack, but it works. |
|
IP-based black/white lists are fine for the first time too. |
|
Yes, I agree that an IP blacklist/whitelist feature is a good idea initially. I may take a while for new features to be implemented though. |
ReQrypt is mostly used for only certain (blocked) websites, but current version does not support blacklists or whitelists. Implementing black/whitelists feature would reduce server's bandwidth usage and would not affect non-blocked websites' speed.
HTTP websites should be detected by parsing host header. HTTPS SNI detection code could be grabbed from sniproxy project: https://github.com/dlundquist/sniproxy/blob/master/src/tls.c
The text was updated successfully, but these errors were encountered: