OpenBSD transparent packet router daemon based on TLS SNI information
$750-1500 USD
Closed
Posted almost 10 years ago
Paid on delivery
We need a daemon that listens for SSL traffic diverted by a Packet Filter (pf) divert rule
( pass in quick on em1 inet proto tcp to port 443 divert-to [login to view URL] port 8443 ) in OpenBSD 5.5.
This daemon should get the TLS SNI information from the related socket when the client's first handshake hello packet arrives. The daemon will then look the domain up in a list held in memory, which is loaded from a file at first run.
1) If the SNI information matches any entry (SNI domain) in the list, the daemon will route the traffic to another daemon (listening for diverted SSL traffic from [login to view URL]; we already have this daemon) within the current session and without touching any traffic (client and destination IP) information.
2) If the SNI information does not match any entry (SNI domain) in the list, the daemon will route the traffic to another daemon (listening for diverted SSL traffic from [login to view URL]; we already have this daemon) within the current session and without touching any traffic (client and destination IP) information.
3) If there is no SNI information, the daemon will route the traffic to another daemon (listening for diverted SSL traffic from [login to view URL]; we already have this daemon) within the current session and without touching any traffic (client and destination IP) information.
Data Flow:
client -> em1:443 -> localhost:8443 (Requested Daemon) -> localhost: (1443,1444,1445 ) -> Internet
P.S.: When this daemon receives a reload signal (kill -HUP), the filters must be reloaded.
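The decision in cases 1) to 3), as an added example that is not part of the original posting: extract the SNI host name from the first ClientHello record with bounds checks and pick a local port. The pairing of cases to ports 1443/1444/1445, the names `sni_from_hello` and `route_port`, and the sample bytes are assumptions; it also assumes the whole ClientHello is already in one buffer.

```c
#include <stdint.h>
#include <string.h>
#include <strings.h>

/* Assumed case-to-port mapping; the page lists the ports but not the pairing. */
enum { PORT_MATCH = 1443, PORT_NOMATCH = 1444, PORT_NOSNI = 1445 };
#define RD16(p) ((size_t)(((p)[0] << 8) | (p)[1]))
/* Constructed sample: minimal ClientHello record carrying SNI "example.com". */
static const uint8_t SAMPLE[72] = {
    0x16, 3, 1, 0, 67,  1, 0, 0, 63,  3, 3,      /* random = 32 zero bytes */
    [43] = 0,  0, 2, 0, 0x2f,  1, 0,  0, 20,  0, 0, 0, 16,  0, 14, 0, 0, 11,
    'e', 'x', 'a', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm' };

/* Copy the SNI host_name into out; -1 if absent, truncated or malformed. */
int sni_from_hello(const uint8_t *b, size_t n, char *out, size_t outsz)
{
    size_t i = 43, end;  /* skip record(5) + handshake(4) + version(2) + random(32) */
    if (n < 44 || b[0] != 0x16 || b[5] != 0x01) return -1;
    i += 1 + b[i];                                   /* session_id */
    if (i + 2 > n) return -1;
    i += 2 + RD16(b + i);                            /* cipher_suites */
    if (i + 1 > n) return -1;
    i += 1 + b[i];                                   /* compression_methods */
    if (i + 2 > n || (end = i + 2 + RD16(b + i)) > n) return -1;
    i += 2;
    while (i + 4 <= end) {                           /* walk the extensions */
        size_t type = RD16(b + i), len = RD16(b + i + 2);
        i += 4;
        if (i + len > end) return -1;
        if (type == 0) {  /* server_name: list_len(2) name_type(1) name_len(2) name */
            size_t nl = len < 5 ? 0 : RD16(b + i + 3);
            if (nl == 0 || b[i + 2] != 0 || 5 + nl > len || nl >= outsz ||
                memchr(b + i + 5, 0, nl)) return -1; /* reject embedded NUL */
            memcpy(out, b + i + 5, nl); out[nl] = '\0';
            return (int)nl;
        }
        i += len;
    }
    return -1;
}

/* Choose the local port for one ClientHello against the loaded domain list. */
int route_port(const uint8_t *b, size_t n, const char *const *list, size_t nlist)
{
    char host[256];
    if (sni_from_hello(b, n, host, sizeof host) < 0) return PORT_NOSNI;
    for (size_t k = 0; k < nlist; k++)
        if (strcasecmp(host, list[k]) == 0) return PORT_MATCH;
    return PORT_NOMATCH;
}
```

A ClientHello split across TCP segments returns -1 here, so a daemon would keep reading until the full record length is buffered before treating the connection as case 3.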