Closed utoni closed 3 years ago
This is an interesting use case. I never looked into it, but intuitively I would have expected corporate firewalls to not let UDP out on 443... Then again, I suppose if Google is pushing it, that channel might open little by little :-)
My first thoughts: sslh to keep track of connection states, essentially doing the work of a NAT server.

Release info here: https://lists.rutschle.net/mailman/archives/sslh/2020-December/000738.html
I'm particularly interested by DTLS and QUIC probes :-) On my side, I'll still work on the UDP integration for a while, it still needs work.
You can take a look into the test pcaps from nDPI. Check out the subfolder tests/pcap/(dtls|quic*).pcap, this may be interesting for you.
Thank you very much for your hard work. <3 UDP support just works fine w/o any issues.
I'm looking forward to an official release, so package maintainers can also profit from your effort. ;)
FYI, UDP integration is coming (slowly), I should have a "crappy working" version (which will work with a hard limit of connections and probably fairly heavy CPU usage) soon-ish, and a production version coming after that.
If you have working probes for DTLS and/or QUIC, would you mind posting them so I can add them as examples, and maybe make hardcoded probes (which will probably work orders of magnitude faster than a regex probe).
I recommend nDPI pcaps used for diff tests, e.g.:
dtls pcap
yet another dtls pcap
gQUIC
QUIC
and many more
I can also record some additional pcaps if required. Or I can just C&P the regex I've used. Not sure if this will help you.
UDP is now "acceptably working", there is no longer a limit on the number of connections. I think I'll freeze there and make release to get it out, before improving further.
Yes, I'll be interested in your regexes to include as examples, unless they are too tied to your setup (I know little about QUIC). I am not really in a place where I have the time or the setup to test QUIC myself, so...
For my test setup I'm currently using:
# Teamspeak3
{ name: "regex"; host: "teamspeak.test.lan"; is_udp: true; port: "9987"; regex_patterns: [ "TS3INIT1" ]; },
# IETF QUIC-50
# Remember that the regex needs to be adjusted for every supported QUIC version.
{ name: "regex"; host: "quic50.test.lan"; is_udp: true; port: "4433"; regex_patterns: [ "\x51\x30\x35\x30" ]; },
Not tested, but also required:
{ name: "openvpn"; host: "openvpn.test.lan"; is_udp: true; port: "1134"; },
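The config entries above classify a UDP flow by running regex patterns over its first datagram, and the earlier remark about sslh having to "keep track of connection states, essentially doing the work of a NAT server" describes the bookkeeping that has to sit behind such probes. The following Python model is an added example and not sslh code: it mirrors the quoted TeamSpeak3 and "Q050" regex entries (the backend hosts are the hypothetical ones from the config), adds a fixed-offset byte comparison as the "hardcoded probe" alternative mentioned in the thread, and keeps a per-flow table so that only the first datagram of a client address/port is probed. The sample datagrams are constructed, not captured traffic.

```python
import re
import time
from typing import Dict, List, Optional, Tuple

# Constructed probe table mirroring the regex entries quoted above. The hosts
# and ports are the hypothetical values from the config snippet, not real backends.
REGEX_PROBES: List[Tuple[str, str, int, List[bytes]]] = [
    # (backend name, host, port, regex patterns searched in the first datagram)
    ("teamspeak", "teamspeak.test.lan", 9987, [rb"TS3INIT1"]),
    ("quic50", "quic50.test.lan", 4433, [b"\x51\x30\x35\x30"]),  # the bytes "Q050"
]

# "Hardcoded" probes: compare bytes at a fixed offset instead of calling a regex
# engine. The offsets are assumptions chosen to match the constructed samples below.
PREFIX_PROBES: List[Tuple[str, int, bytes]] = [
    ("teamspeak", 0, b"TS3INIT1"),
    ("quic50", 9, b"Q050"),
]

Flow = Tuple[str, int]  # (client address, client port)


class UdpDemux:
    """Classify the first datagram of each UDP flow and remember the verdict.

    UDP has no handshake, so the demultiplexer must keep per-flow state itself
    (the NAT-like bookkeeping from the thread): later datagrams from the same
    client address/port reuse the stored backend and are never re-probed.
    """

    def __init__(self, idle_timeout: float = 60.0, use_regex: bool = True):
        self.idle_timeout = idle_timeout
        self.use_regex = use_regex
        self._compiled = [
            (name, host, port, [re.compile(p) for p in pats])
            for name, host, port, pats in REGEX_PROBES
        ]
        self.flows: Dict[Flow, Tuple[str, float]] = {}  # flow -> (backend, last seen)

    def probe(self, data: bytes) -> Optional[str]:
        """Return the backend name for a first datagram, or None if nothing matched."""
        if self.use_regex:
            for name, _host, _port, regexes in self._compiled:
                # Unanchored search, like a regex probe that may match past the header.
                if any(r.search(data) for r in regexes):
                    return name
            return None
        for name, offset, expected in PREFIX_PROBES:
            if data[offset:offset + len(expected)] == expected:
                return name
        return None

    def expire(self, now: float) -> int:
        """Forget flows idle longer than idle_timeout; return how many were dropped."""
        stale = [f for f, (_b, seen) in self.flows.items() if now - seen > self.idle_timeout]
        for f in stale:
            del self.flows[f]
        return len(stale)

    def route(self, flow: Flow, data: bytes, now: Optional[float] = None) -> Optional[str]:
        """Return the backend for this datagram, probing only the flow's first packet."""
        now = time.monotonic() if now is None else now
        self.expire(now)
        if flow in self.flows:
            backend, _ = self.flows[flow]
            self.flows[flow] = (backend, now)  # refresh idle timer
            return backend
        backend = self.probe(data)
        if backend is None:
            return None  # unknown first packet: create no state, caller drops it
        self.flows[flow] = (backend, now)
        return backend


# Constructed sample datagrams (not captures): a TeamSpeak3 init, a packet
# carrying the "Q050" tag after a 9-byte header, and bytes matching nothing.
SAMPLE_TS3 = b"TS3INIT1" + bytes(20)
SAMPLE_QUIC = b"\x0d" + bytes(8) + b"Q050" + bytes(16)
SAMPLE_NOISE = bytes(range(32))


def demo() -> List[Optional[str]]:
    """Walk a few datagrams through the demultiplexer with explicit timestamps."""
    d = UdpDemux(idle_timeout=30.0)
    return [
        d.route(("10.0.0.5", 40000), SAMPLE_TS3, now=0.0),
        d.route(("10.0.0.5", 40000), SAMPLE_NOISE, now=1.0),    # same flow: no re-probe
        d.route(("10.0.0.6", 40001), SAMPLE_QUIC, now=2.0),
        d.route(("10.0.0.7", 40002), SAMPLE_NOISE, now=3.0),    # unknown protocol
        d.route(("10.0.0.5", 40000), SAMPLE_NOISE, now=100.0),  # flow expired, probed again
    ]


if __name__ == "__main__":
    print(demo())
```

The second datagram of the first flow is forwarded to the TeamSpeak backend even though its payload matches no probe, which is the point of the state table; once the flow has been idle past the timeout the same payload is probed afresh and rejected. Switching `use_regex=False` gives the same verdicts on these samples while doing only a slice comparison per probe.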
What do you think about UDP support? As QUIC is evolving further and further it might be interesting for sslh users. My current scenario requires to distinguish between DTLS, QUIC and a proprietary protocol (client initiated; stable pattern in the first packet available). What do you think about it?