tcpproxy icon indicating copy to clipboard operation
tcpproxy copied to clipboard

Published 20 hours ago verified publisher icon inetaf

Add possibility to match using SNI and source address

Open georgmu opened this issue 6 years ago • 1 comments

The Matcher has a context parameter, which is only initialized with context.TODO()

When doing some basic ACL stuff (e.g. allow access for sni foo from 10.0.0.0/8, deny from all), it would be nice to somehow have the source available in the matcher function. Since there already is a context, it would be nice to add the source to this context.

georgmu avatar Sep 05 '18 21:09 georgmu

I solved the problem by wrapping the DialProxy in a ACLDialProxy, doing the subnet matching in HandleConn before calling HandleConn of the DialProxy.

Accessing the connection in the match function would still be nice

georgmu avatar Sep 06 '18 08:09 georgmu