There is an iptables extension called xt_tls (https://github.com/Lochnair/xt_tls) that inspects the SNI field of the TLS ClientHello
and classifies traffic by the hostname presented during the TLS handshake.
This is far cheaper and more resource-friendly than general L7 protocol matching with regular expressions.
Usage: QoS, filtering and others.
Example usage (written in iptables syntax):
Code:
# Mark HTTPS connections to Facebook and Google video hosts by SNI so they can be shaped or filtered downstream.
# The PREROUTING chain is chosen for illustration; the target name MARK is case-sensitive.
iptables -t mangle -A PREROUTING -p tcp --dport 443 -m tls --tls-host "*.facebook.com" -j MARK --set-mark 123
iptables -t mangle -A PREROUTING -p tcp --dport 443 -m tls --tls-host "*.googlevideo.com" -j MARK --set-mark 456
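To show what the match actually does on the wire, here is an added example (not code from xt_tls or the original post) that parses the SNI out of a TLS ClientHello and applies the two wildcard rules above; the ClientHello bytes are constructed in the script, and glob-style matching for "*.example.com" is an assumption about the match semantics.

```python
import fnmatch
import struct

# Rules assumed to mirror the iptables lines above: (SNI pattern, fwmark).
RULES = [("*.facebook.com", 123), ("*.googlevideo.com", 456)]

def build_client_hello(sni: str) -> bytes:
    """Constructed test input: a minimal TLS 1.2 ClientHello record carrying one SNI entry."""
    host = sni.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(host)) + host          # name_type=host_name
    sni_list = struct.pack("!H", len(entry)) + entry
    ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list      # extension type 0 = server_name
    body = (b"\x03\x03" + b"\x00" * 32      # client_version + random
            + b"\x00"                       # session_id length 0
            + b"\x00\x02\x13\x01"           # one cipher suite
            + b"\x01\x00"                   # one compression method (null)
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body   # type=ClientHello, 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def extract_sni(payload: bytes):
    """Return the host_name from a ClientHello's SNI extension, or None if absent or malformed."""
    if len(payload) < 9 or payload[0] != 0x16 or payload[5] != 0x01:
        return None                         # not a handshake record / not a ClientHello
    hs_len = int.from_bytes(payload[6:9], "big")
    hs = payload[9:9 + hs_len]
    if len(hs) < hs_len:
        return None                         # truncated: treat as no match rather than guess
    try:
        p = 2 + 32                          # skip version and random
        p += 1 + hs[p]                      # session_id
        p += 2 + int.from_bytes(hs[p:p + 2], "big")   # cipher_suites
        p += 1 + hs[p]                      # compression_methods
        end = p + 2 + int.from_bytes(hs[p:p + 2], "big")
        p += 2
        while p + 4 <= end:                 # walk the extension list
            etype = int.from_bytes(hs[p:p + 2], "big")
            elen = int.from_bytes(hs[p + 2:p + 4], "big")
            p += 4
            if etype == 0:
                q = p + 2                   # skip server_name_list length
                while q + 3 <= p + elen:
                    nlen = int.from_bytes(hs[q + 1:q + 3], "big")
                    if hs[q] == 0:
                        return hs[q + 3:q + 3 + nlen].decode("ascii", "replace")
                    q += 3 + nlen
                return None
            p += elen
    except IndexError:
        return None
    return None

def classify(payload: bytes, rules=RULES):
    """Return the fwmark for the first rule whose pattern matches the SNI, else None."""
    host = extract_sni(payload)
    if host is None:
        return None
    return next((mark for pat, mark in rules if fnmatch.fnmatchcase(host.lower(), pat.lower())), None)
```

Only the ClientHello packet carries the SNI, so a match like this (and a MARK set on it) applies to that single packet; carrying the mark over the rest of the flow needs connection tracking, which the rules above do not do.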