Archives/SSLproxy
2
0
Fork 0
mirror of https://github.com/sonertari/SSLproxy synced 2024-11-02 15:40:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
982880ccfe
SSLproxy/tests
History
Soner Tari 982880ccfe Restructure passsite filter data structure 
Now we don't go over all of the passsite rules in a linked list trying
to apply passsite to the sni or common names of a conn. Instead, we now
have user+keyword, keyword, ip, and all lists. For example, if we find
the conn user in the user+keyword list and a passsite in that list
matches, we don't look into other lists.

This change is expected to improve the performance of passsite
processing considerably, because in the earlier implementation we had to
go over all of the passsite rules trying to match passsite.

And this solution uses a correct data structure, even if not the best.
For example, each user or keyword in passsite rules is strdup()'ed only
once.

Note that a better solution could use, say, a hash table for users,
instead of a linked list. But hash tables are not suitable for keywords
or sites, because we search for substring matches with them, not exact
matches.

Also, this fixes passsite rules without any filters defined, i.e. to be
applied to all connections.

Also, now e2e tests error exit if WITHOUT_USERAUTH is enabled. E2e tests
require UserAuth enabled.
2021-09-07 18:52:52 +03:00
..
check Restructure passsite filter data structure 2021-09-07 18:52:52 +03:00
testproxy Restructure passsite filter data structure 2021-09-07 18:52:52 +03:00