Merge pull request #428 from safing/feature/primitive-encryption-detection

Add primitive encryption detection for until the inspection framework is merged
2021-10-29 14:13:51 +02:00
parent 0c38c37e1b 7def0704a1
commit 304879b6da
1 changed files with 14 additions and 1 deletions
--- a/firewall/interception.go
+++ b/firewall/interception.go
@@ -382,9 +382,22 @@ func initialHandler(conn *network.Connection, pkt packet.Packet) {
 		}
 	}

-	// TODO: enable inspecting again
+	// TODO: Enable inspection framework again.
 	conn.Inspecting = false

+	// TODO: Quick fix for the SPN.
+	// Use inspection framework for proper encryption detection.
+	switch conn.Entity.DstPort() {
+	case
+		22,  // SSH
+		443, // HTTPS
+		465, // SMTP-SSL
+		853, // DoT
+		993, // IMAP-SSL
+		995: // POP3-SSL
+		conn.Encrypted = true
+	}
+
 	switch {
 	case conn.Inspecting:
 		log.Tracer(pkt.Ctx()).Trace("filter: start inspecting")