If I am understanding the code correctly, OnFirewallCheck(FirewallRequest request) in program.cs is meant to decide whether to filter or not. So far, I've used the IP addresses and compared them to the known IPs that I'd like to filter. The problem is that domains stay the same and servers (along with IPs) change.
The approach I wanted to try out is to inspect SNI server names in TLS client hello packages. The problem is that HandleNewTcpConnection is called before the client hello is sent, and you only get to decide based on IPs. Am I missing something or is this the end of the story with regard to SNI filtering?
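
What reading the SNI involves once the client's first bytes have been buffered, as an added example that is not part of the original post or the project's code. SniParser and TryGetServerName are hypothetical names, and how the buffer is obtained from the project is assumed, not shown; the sample ClientHello is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

public static class SniParser
{
    // Added example, not project code (hypothetical names). Returns the SNI host_name,
    // or null when the buffer is not one complete ClientHello record or has no SNI.
    public static string TryGetServerName(byte[] b)
    {
        if (b == null) return null;
        try
        {
            if (b[0] != 0x16 || b[5] != 0x01) return null; // handshake record, client_hello
            int p = 5 + 4 + 2 + 32;        // record hdr, handshake hdr, version, random
            p += 1 + b[p];                 // session_id
            p += 2 + U16(b, p);            // cipher_suites
            p += 1 + b[p];                 // compression_methods
            int end = p + 2 + U16(b, p);   // end of the extensions block
            p += 2;
            while (p + 4 <= end)
            {
                int type = U16(b, p), len = U16(b, p + 2);
                p += 4;
                // server_name extension (type 0); name_type 0 means host_name
                if (type == 0)
                    return b[p + 2] == 0 ? Encoding.ASCII.GetString(b, p + 5, U16(b, p + 3)) : null;
                p += len;
            }
        }
        catch (Exception e) when (e is IndexOutOfRangeException || e is ArgumentException)
        {
            // Truncated or malformed input: report "no SNI" instead of throwing.
        }
        return null;
    }

    static int U16(byte[] b, int i) => (b[i] << 8) | b[i + 1];

    public static void Main()
    {
        // Constructed sample: minimal ClientHello carrying SNI "example.com".
        var hello = new List<byte> { 0x16, 3, 1, 0, 67, 1, 0, 0, 63, 3, 3 };
        hello.AddRange(new byte[32]);  // random (zeros)
        hello.AddRange(new byte[] { 0, 0, 2, 0x13, 0x01, 1, 0, 0, 20, 0, 0, 0, 16, 0, 14, 0, 0, 11 });
        hello.AddRange(Encoding.ASCII.GetBytes("example.com"));
        Console.WriteLine(TryGetServerName(hello.ToArray()) ?? "(none)");
    }
}
```

A ClientHello can span several TCP segments, so a null result may only mean more bytes need to be buffered before deciding. The server name is also chosen by the client and is hidden when Encrypted Client Hello is in use, so a filter needs a policy for connections where no name can be read.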