Detect TLS connections

5 years ago · a0454b8aff
parent 89704db220
commit a0454b8aff
2 changed files with 2 additions and 1 deletions
--- a/src/dns.rs
+++ b/src/dns.rs
@ -6,7 +6,7 @@ use byteorder::{BigEndian, ByteOrder, WriteBytesExt};
 pub const DNS_MAX_HOSTNAME_SIZE: usize = 256;
 pub const DNS_HEADER_SIZE: usize = 12;
 pub const DNS_OFFSET_FLAGS: usize = 2;
-pub const DNS_MAX_PACKET_SIZE: usize = 8192;
+pub const DNS_MAX_PACKET_SIZE: usize = 0x1600;

 const DNS_MAX_INDIRECTIONS: usize = 16;
 const DNS_FLAGS_TC: u16 = 2u16 << 8;
--- a/src/main.rs
+++ b/src/main.rs
@ -262,6 +262,7 @@ async fn tcp_acceptor(globals: Arc<Globals>, tcp_listener: TcpListener) -> Resul
            let mut binlen = [0u8, 0];
            client_connection.read_exact(&mut binlen).await?;
            let packet_len = BigEndian::read_u16(&binlen) as usize;
+            ensure!(packet_len != 0x1603, "TLS traffic");
            ensure!(
                (DNS_HEADER_SIZE..=DNSCRYPT_TCP_QUERY_MAX_SIZE).contains(&packet_len),
                "Unexpected query size"