This is lightweight TLS proxy sniffer written on go for traffice DSCP (ToS) marking based on SNI (tls server name). Main desire for this project was to let Mikrotik RouterOS be able to route TLS requests conditionally based on domain-name.
Just install go and run go build or GOOS=<OS> GOARCH=<CPUARCH> go build for cross compilation
If you want to run it in Docker, use standrt procedure to build docker container (current version might require arch update and filename, but will be fixed in a future)
After getting executable you need either:
- Create file
config.jsonnext to executable file - Put config file somewhere on your disk and supply path through the first argument
Config file structure:
{
"defaultDscp": 20,
"levels" :[
{
"patterns": [
"regex-domain-name, like: googele\\.com",
"next domain and etc..."
],
"dscp": 30
}
],
"bindSocket": "<socket addr",
"logLevel": "level"
}
defaultDscp, bindSocket and logLevel are not required. Defaults: defaultDscp = 0, bindSocket = :443, logLevel = Info.
Field description
bindSocket: socket (IP and port) where tcp listenere binds to. Must be in format likeHOST:PORT, whereHOSTmight be ommited (see go tcp listener docs&examples).defaultDscpanddscp: represents desired DSCP value. Must be in a range0..63.defaultDscpis used if no specific rule has been hit.logLevel: verbosity of log output. Seelogruspackage documentation for more infromationpatterns: array of regex strings for given level. Be mindful that regex slightly different to just strings, and, for example, you must escape characters, like.:google\\.com.levels: array of object rules describing pattern and desired DSCP value. Programs scans levels in their natural presence order and hits first matching rule. This allows you to make complex behavior, including exlusions. SameDSCPvalue could be present as many times as required.
Launch cli (linux example)
./tlsSniProxy
or
./tlsSniProxy /path/to/config
Coming soon