reqrypt
Blacklist/whitelist feature
ReQrypt is mostly used for only certain (blocked) websites, but the current version does not support blacklists or whitelists. Implementing a blacklist/whitelist feature would reduce the server's bandwidth usage and would not affect non-blocked websites' speed.
HTTP websites should be detected by parsing the Host header. HTTPS SNI detection code could be grabbed from the sniproxy project: https://github.com/dlundquist/sniproxy/blob/master/src/tls.c
This is a feature I also want.
However, it is not so simple to implement. The problem is the SYN and ACKs should also be excluded, and these packets come before any packet with the domain name. Also, parsing the domain name at the packet level is problematic, since it can be split over multiple packets, as you are aware.
Probably the correct way to implement this is to sniff DNS to find the IP addresses corresponding to white/blacklisted domains, then filter based on the IP address.
I may add this feature eventually. Currently I am working on modernizing the crypt encoding.
You can set a fixed low split value like 1 or 2 to be able to handle the packet without the first byte(s). This is a hack, but it works.
IP-based black/white lists are fine for the first time too.
Yes, I agree that an IP blacklist/whitelist feature is a good idea initially.
It may take a while for new features to be implemented though.
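The DNS-sniffing approach discussed in this thread, sketched as an added example (not ReQrypt code and not written by anyone in the thread): parse a DNS response, remember the A-record addresses of a listed domain, then match packets by destination address so SYNs and ACKs are covered too. The names `read_name`, `sniff_dns` and `ip_listed`, the domain `blocked.example` and the sample packet are assumptions made for illustration; the input is the DNS message itself (the UDP payload), the name must match exactly, and CNAME chains and AAAA records are not followed.

```c
#include <ctype.h>
#include <stdint.h>
#include <string.h>

static uint8_t listed_ips[64][4];        /* addresses learned from DNS answers */
static size_t n_ips;
/* Decode the (possibly compressed) name at off, lower-cased; returns next offset or 0. */
static size_t read_name(const uint8_t *m, size_t len, size_t off, char *out, size_t cap) {
    size_t end = 0, o = 0, hops = 0;
    while (off < len && m[off]) {
        uint8_t l = m[off];
        if ((l & 0xC0) == 0xC0) {                        /* compression pointer */
            if (off + 1 >= len || ++hops > 16) return 0; /* truncated or looping */
            if (!end) end = off + 2;                     /* record resumes after first pointer */
            off = ((size_t)(l & 0x3F) << 8) | m[off + 1];
        } else {
            if (l > 63 || off + 1 + l > len || o + l + 1 > cap) return 0;
            for (off++; l--; off++) out[o++] = (char)tolower(m[off]);
            out[o++] = '.';
        }
    }
    if (off >= len) return 0;                            /* ran off the end of the message */
    out[o ? o - 1 : 0] = '\0';                           /* drop the trailing dot */
    return end ? end : off + 1;
}
/* Learn every A record owned by `domain` (given in lower case); returns how many were added. */
size_t sniff_dns(const uint8_t *m, size_t len, const char *domain) {
    char name[256];
    size_t off = 12, before = n_ips;
    if (len < 12 || !(m[2] & 0x80)) return 0;            /* too short, or a query (QR=0) */
    unsigned qd = m[4] << 8 | m[5], an = m[6] << 8 | m[7];
    for (; qd; qd--, off += 4)                           /* skip the question section */
        if (!(off = read_name(m, len, off, name, sizeof name))) return 0;
    while (an--) {
        if (!(off = read_name(m, len, off, name, sizeof name)) || off + 10 > len) break;
        unsigned type = m[off] << 8 | m[off + 1], rdlen = m[off + 8] << 8 | m[off + 9];
        if (off + 10 + rdlen > len) break;               /* RDATA must fit in the message */
        if (type == 1 && rdlen == 4 && !strcmp(name, domain) && n_ips < 64)
            memcpy(listed_ips[n_ips++], m + off + 10, 4);
        off += 10 + rdlen;
    }
    return n_ips - before;
}
int ip_listed(const uint8_t ip[4]) {     /* ip: the 4 address bytes as they sit in the IP header */
    for (size_t i = 0; i < n_ips; i++) if (!memcmp(listed_ips[i], ip, 4)) return 1;
    return 0;
}
static const uint8_t sample[] = { 0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0,  /* constructed reply */
    7,'b','l','o','c','k','e','d', 7,'e','x','a','m','p','l','e', 0, 0,1, 0,1,  /* question */
    0xC0,0x0C, 0,1, 0,1, 0,0,0,60, 0,4, 192,0,2,10 };                          /* A 192.0.2.10 */
```

Because the address list is filled before the client opens its TCP connection, the handshake packets to a listed address can be selected without ever seeing the Host header or SNI.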