filtering

package
v0.0.0-...-7d1b61d Latest
Warning

This package is not in the latest version of its module.

Published: Mar 19, 2023 License: GPL-3.0 Imports: 14 Imported by: 0

Documentation

Overview

Package filtering lets you implement self-censorship. It exposes proxies that implement filtering policies for DNS, TLS, and HTTP.


Constants

const (
	// DNSActionNXDOMAIN replies with NXDOMAIN.
	DNSActionNXDOMAIN = DNSAction("nxdomain")

	// DNSActionRefused replies with Refused.
	DNSActionRefused = DNSAction("refused")

	// DNSActionLocalHost replies with `127.0.0.1` and `::1`.
	DNSActionLocalHost = DNSAction("localhost")

	// DNSActionNoAnswer returns an empty reply.
	DNSActionNoAnswer = DNSAction("no-answer")

	// DNSActionTimeout never replies to the query.
	DNSActionTimeout = DNSAction("timeout")

	// DNSActionCache causes the server to check the cache. If there
	// are entries, they are returned. Otherwise, NXDOMAIN is returned.
	DNSActionCache = DNSAction("cache")

	// DNSActionLocalHostPlusCache combines the LocalHost and
	// Cache actions returning first a localhost response followed
	// by a subsequent response obtained using the cache.
	DNSActionLocalHostPlusCache = DNSAction("localhost+cache")
)
const (
	// HTTPActionReset resets the connection.
	HTTPActionReset = HTTPAction("reset")

	// HTTPActionTimeout causes the connection to timeout.
	HTTPActionTimeout = HTTPAction("timeout")

	// HTTPActionEOF causes the connection to EOF.
	HTTPActionEOF = HTTPAction("eof")

	// HTTPAction451 causes the proxy to return a 451 error.
	HTTPAction451 = HTTPAction("451")

	// HTTPActionDoH causes the proxy to return a sensible reply
	// with static IP addresses if the request is DoH.
	HTTPActionDoH = HTTPAction("doh")
)
const (
	// TLSActionReset resets the connection.
	TLSActionReset = TLSAction("reset")

	// TLSActionTimeout causes the connection to timeout.
	TLSActionTimeout = TLSAction("timeout")

	// TLSActionEOF closes the connection.
	TLSActionEOF = TLSAction("eof")

	// TLSActionAlertInternalError sends an internal error
	// alert message to the TLS client.
	TLSActionAlertInternalError = TLSAction("internal-error")

	// TLSActionAlertUnrecognizedName tells the client that
	// it's handshaking with an unknown SNI.
	TLSActionAlertUnrecognizedName = TLSAction("alert-unrecognized-name")

	// TLSActionBlockText returns a static piece of text
	// to the client saying this website is blocked.
	TLSActionBlockText = TLSAction("block-text")
)

Variables

var HTTPBlockpage451 = []byte(`<html><head>
  <title>451 Unavailable For Legal Reasons</title>
</head><body>
  <center><h1>451 Unavailable For Legal Reasons</h1></center>
  <p>This content is not available in your jurisdiction.</p>
</body></html>
`)

HTTPBlockpage451 is the block page returned along with status 451.

Functions

This section is empty.

Types

type DNSAction

type DNSAction string

DNSAction is a DNS filtering action that a DNSServer should take.

type DNSListener

type DNSListener interface {
	io.Closer
	LocalAddr() net.Addr
}

DNSListener is the interface returned by DNSServer.Start.

type DNSServer

type DNSServer struct {
	// Cache is the OPTIONAL DNS cache. Note that the keys of the map
	// must be FQDNs (i.e., including the final `.`).
	Cache map[string][]string

	// OnQuery is the MANDATORY hook called whenever we
	// receive a query for the given domain.
	OnQuery func(domain string) DNSAction
	// contains filtered or unexported fields
}

DNSServer is a DNS server implementing filtering policies.

func (*DNSServer) Start

func (p *DNSServer) Start(address string) (DNSListener, error)

Start starts this server.
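
The documented DNS actions and the FQDN rule for Cache keys, modelled as a self-contained example added here (it is not the package's code and does not import it). Reply, Simulate and fromCache are hypothetical names; passing the FQDN to the hook and treating "no-answer" as an empty NOERROR reply are assumptions of this model.

```go
package main

import (
	"fmt"
	"strings"
)

// DNSAction mirrors the documented string type; values are copied from the page.
type DNSAction string

// Reply is a hypothetical model of one DNS response, not a type of the package.
type Reply struct {
	Rcode string   // "NOERROR", "NXDOMAIN" or "REFUSED"
	Addrs []string // answer addresses, possibly empty
}

// fromCache models "cache": return the entries if any, otherwise NXDOMAIN.
func fromCache(cache map[string][]string, fqdn string) Reply {
	if addrs := cache[fqdn]; len(addrs) > 0 {
		return Reply{Rcode: "NOERROR", Addrs: addrs}
	}
	return Reply{Rcode: "NXDOMAIN"}
}

// Simulate lists, in order, the replies a client sees; none models "timeout".
func Simulate(cache map[string][]string, onQuery func(string) DNSAction, name string) []Reply {
	fqdn := strings.TrimSuffix(strings.ToLower(name), ".") + "." // assumption: hook gets the FQDN
	localhost := Reply{Rcode: "NOERROR", Addrs: []string{"127.0.0.1", "::1"}}
	switch onQuery(fqdn) {
	case "nxdomain":
		return []Reply{{Rcode: "NXDOMAIN"}}
	case "refused":
		return []Reply{{Rcode: "REFUSED"}}
	case "localhost":
		return []Reply{localhost}
	case "no-answer":
		return []Reply{{Rcode: "NOERROR"}} // assumption: empty means no records
	case "cache":
		return []Reply{fromCache(cache, fqdn)}
	case "localhost+cache":
		return []Reply{localhost, fromCache(cache, fqdn)}
	}
	return nil // "timeout"; this model also treats unknown actions this way
}

func main() {
	// Constructed sample: the second key lacks the final dot, so it never matches.
	cache := map[string][]string{"example.org.": {"192.0.2.7"}, "example.net": {"192.0.2.8"}}
	both := func(string) DNSAction { return "localhost+cache" }
	fmt.Println(Simulate(cache, both, "example.org"), Simulate(cache, both, "example.net"))
}
```

A client under test should be checked against each reply sequence, including the case where a localhost answer is followed by a different one.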

type HTTPAction

type HTTPAction string

HTTPAction is an HTTP filtering action that this server should take.

type HTTPServer

type HTTPServer struct {
	// contains filtered or unexported fields
}

HTTPServer is a server that implements filtering policies.

func NewHTTPServerCleartext

func NewHTTPServerCleartext(action HTTPAction) *HTTPServer

NewHTTPServerCleartext creates a new HTTPServer using cleartext HTTP.

func NewHTTPServerTLS

func NewHTTPServerTLS(action HTTPAction) *HTTPServer

NewHTTPServerTLS creates a new HTTP server using HTTPS.

func (*HTTPServer) Close

func (p *HTTPServer) Close() error

Close closes the server ASAP.

func (*HTTPServer) ServeHTTP

func (p *HTTPServer) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP serves HTTP requests.

func (*HTTPServer) TLSConfig

func (p *HTTPServer) TLSConfig() *tls.Config

TLSConfig returns a suitable base TLS config for the client.

func (*HTTPServer) URL

func (p *HTTPServer) URL() *url.URL

URL returns the server's URL.

type TLSAction

type TLSAction string

TLSAction is a TLS filtering action that this proxy should take.

type TLSServer

type TLSServer struct {
	// contains filtered or unexported fields
}

TLSServer is a TLS server implementing filtering policies.

func NewTLSServer

func NewTLSServer(action TLSAction) *TLSServer

NewTLSServer creates and starts a new TLSServer that executes the given action during the TLS handshake.

func (*TLSServer) CertPool

func (p *TLSServer) CertPool() *x509.CertPool

CertPool returns the internal CA as a cert pool.

func (*TLSServer) Close

func (p *TLSServer) Close() error

Close closes this server as soon as possible.

func (*TLSServer) Endpoint

func (p *TLSServer) Endpoint() string

Endpoint returns the endpoint where the server is listening.
