Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add $network basic rules modifier to solve the issue with loading ads through WebRTC #1297

Closed
ameshkov opened this issue Sep 17, 2016 · 15 comments

Comments

@ameshkov ameshkov added this to the 6.1 R2 milestone Sep 17, 2016
@ameshkov

This comment has been minimized.

Copy link
Member Author

commented Sep 21, 2016

@ameshkov ameshkov modified the milestones: 6.2, 6.1 R2 Sep 29, 2016
@ameshkov

This comment has been minimized.

Copy link
Member Author

commented Sep 29, 2016

1755001826 is another way of writing 104.155.51.226

it receives an IP address from the STUN server that doesn't belong to the client - and it uses this IP address to build the pop-up address

@theseanl

This comment has been minimized.

@ameshkov ameshkov modified the milestones: 6.1 R3, 6.2 Jan 15, 2017
@ameshkov

This comment has been minimized.

Copy link
Member Author

commented Jan 15, 2017

Here is what I propose.

For standalone programs (including Android and Mac), we can implement a new basic rule modifier, which will block access to a specified ip:port pair.

I suggest to name it network, to emphasize, that it blocks network access to the specified endpoint entirely.

Examples:
174.129.166.49:3478^$network
[2001:4860:4860::8888]:443$network
174.129.166.49$network -- completely blocks access to the specified IP

This is relatively easy to do in standalone programs. However, this is absolutely impossible in case of the browser extensions. We should come up with another solution in their case. I guess we can override RTC-* objects as a temporary solution.

@adbuker

This comment has been minimized.

Copy link

commented Jan 24, 2017

ADWIN-CR-115

@adbuker adbuker closed this Jan 26, 2017
@ameshkov

This comment has been minimized.

Copy link
Member Author

commented Jan 27, 2017

I don't like how it works for TCP protocol.

Instead of immediately closing the affected connection, it is stuck forever.

@ameshkov ameshkov reopened this Jan 27, 2017
@ameshkov

This comment has been minimized.

Copy link
Member Author

commented Jan 27, 2017

@adbuker don't forget to create the same tasks in Android and Mac repos.

@ameshkov ameshkov changed the title STUN is used to load ads through WebRTC Add $network basic rules modifier to solve the issue with loading ads through WebRTC Jan 27, 2017
@ameshkov

This comment has been minimized.

Copy link
Member Author

commented Jan 27, 2017

We should also cover all UDP ports in order for this to work properly.

@ameshkov

This comment has been minimized.

Copy link
Member Author

commented Jan 27, 2017

One more question: what exact rules are used when you check IPv6 address?
Do you collapse IPv6 using ::?

@adbuker

This comment has been minimized.

Copy link

commented Jan 30, 2017

@ameshkov if you use rules, contains ipv6, you should use "collapsed" syntax, e.g. use rule [2001:4860:4860::8888]$network instead of [2001:4860:4860:0:0:0:0:8888]$network

@adbuker

This comment has been minimized.

Copy link

commented Jan 30, 2017

to taking into account the issue with "home media server filtering" we need to create driver - filtering rule to allow the activity without filtering transmitted packets for specified udp-ports, used in home media server.
ProtocolFiltersLog.txt

@ameshkov

This comment has been minimized.

Copy link
Member Author

commented Jan 30, 2017

Nothing about UDP in that file. You should analyze driver's log. @suhan3z can teach you how to use traceview utility and read that log.

@adbuker

This comment has been minimized.

Copy link

commented Jan 30, 2017

in the end, it turned out that we shouldn't add to any udp-ports to exceptions

@adbuker adbuker closed this Jan 30, 2017
@ameshkov

This comment has been minimized.

Copy link
Member Author

commented Feb 1, 2017

@ameshkov if you use rules, contains ipv6, you should use "collapsed" syntax, e.g. use rule [2001:4860:4860::8888]$network instead of [2001:4860:4860:0:0:0:0:8888]$network

@adbuker there should be a unit test checking it.

@ameshkov ameshkov reopened this Feb 1, 2017
@adbuker

This comment has been minimized.

Copy link

commented Feb 1, 2017

add unit test for it in ADWIN-CR-115.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.