Comments (5)
tobyxdd
commented on May 20, 2024
You mean analyzers that work at the IP layer? Is there any real use for that (e.g. any protocol that needs it?)
from opengfw.
KujouRinka
commented on May 20, 2024
Yes. Some applications connect to fixed IP addresses for communication instead of domain (e.g. telegram, QQ, etc.). Supporting this may make block these ones easily. Furthermore, there's also possibility that pass IP address to upper analyzers, combining them together for more precise traffic marking (e.g A request with non-mainland IP but followed with such as baidu.com http/https header could be suspected to be obfuscated traffic).
from opengfw.
tobyxdd
commented on May 20, 2024
Analyzers only provide props for rules, they don't make verdict themselves. Also, there are already built-in props that pass information like ip/port to expressions: https://github.com/apernet/OpenGFW/blob/master/ruleset/expr.go#L145
from opengfw.
tobyxdd
commented on May 20, 2024
Basically you can have rules like geoip(ip.dst) != "cn" && tls != nil && tls.req.sni == "baidu.com"
Although geoip function doesn't exist at the moment. Definitely something we should offer in the future.
from opengfw.
KujouRinka
commented on May 20, 2024
Thanks for your answer. I apologize for not reading the source code carefully.
from opengfw.
Related Issues (20)
- 能屏蔽openvpn吗 HOT 3
- Openwrt lean x86_64 运行提示缺少文件,但不知道缺少什么。 HOT 2
- Is the "Great Cannon" available? HOT 2
- can openvpn be blocked? HOT 1
- engine exited {"error": "exit status 1"} HOT 1
- Hidden dependency to iptables command HOT 1
- Can anyone identify the author? HOT 1
- 希望开发者能考虑弄一下这个
- 2024-03-24T04:05:45Z INFO engine exited {"error": "could not unbind existing handlers (if any): netlink receive: invalid argument"} HOT 9
- add matched rule name in log and debug outputs? HOT 1
- whitelist HOT 1
- [Function Request] Trojan injection? HOT 1
- [Function Request] Account & Password Record HOT 1
- 增加对pcap的支持以方便调试
- 热重载时内存泄漏
- 疑似 NTP 数据包被识别成 DNS 数据包 HOT 2
- 在 config.yaml 中指定的 geoip.dat/geodata.dat 路径不生效 HOT 2
- Running under Raspbian results in "netlink receive: operation not supported" HOT 2
- 添加王者荣耀放技能50%概率丢包的功能 HOT 1
- Improve DNS modifier to use a pool of forged IP addresses
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from opengfw.