msatter
Forum Guru
Topic Author
Posts: 1464
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

TLS Host glob format?

Thu Mar 26, 2020 5:41 pm

I was looking at using an expression in TLS Host but I can't get it to work. I press TAB then I get the following possibilities:
"  $  ?  [0-9A-F]  \  _  a  b  f  n  r  t  v
$ = end of string
? = one or zero characters/signs/figures
[0-9A-Z] = in a range
\ = escape character
_ = used in domain names
a =
b =
f =
n = (maybe newline)
r = (maybe return)
t = (maybe tab)
v = (maybe vertical tab)

I really don't know what a b f n r t v stand for.

A simple line with tls-host="^www\\.mikrotik\\.com$" seems not to work, even though the packet (TCP) is not fragmented. What does work is:
www.mikrotik.com


I am missing grouping (aaa|bbb), which would be very nice to have.

The page pointed to by the Wiki does not make me much wiser: https://en.wikipedia.org/wiki/Glob_(programming)
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.47.beta.x / Winbox 3.21 / MikroTik APP 1.3.12
NordVPN viewtopic.php?f=2&t=158439&p=781009 for multiple connections.
 
Sob
Forum Guru
Posts: 5416
Joined: Mon Apr 20, 2009 9:11 pm

Re: TLS Host glob format?

Thu Mar 26, 2020 7:14 pm

It's not regexp, and TAB doesn't show anything here. These work:
/ip firewall mangle
add action=log chain=prerouting dst-port=443 log-prefix=tls-forum protocol=tcp tls-host=forum.mikrotik.com
add action=log chain=prerouting dst-port=443 log-prefix=tls-any protocol=tcp tls-host=*.mikrotik.com
add action=log chain=prerouting dst-port=443 log-prefix=tls-any+m protocol=tcp tls-host=*m.mikrotik.com
add action=log chain=prerouting dst-port=443 log-prefix=tls-w+any protocol=tcp tls-host=w*.mikrotik.com
add action=log chain=prerouting dst-port=443 log-prefix=tls-any+m/w protocol=tcp tls-host="*[mw].mikrotik.com"
add action=log chain=prerouting dst-port=443 log-prefix=tls-3a-z protocol=tcp tls-host="[a-z][a-z][a-z].mikrotik.com"
add action=log chain=prerouting dst-port=443 log-prefix=tls-5a-z protocol=tcp tls-host="[a-z][a-z][a-z][a-z][a-z].mikrotik.com"
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
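An added example, not code from either poster or from MikroTik: it runs the tls-host values from the rules above over constructed host names to show which log prefixes would fire and why the regex-style value from the first post never does. Python's `fnmatchcase` stands in for the RouterOS matcher, which is an assumption; RouterOS handling of `?`, letter case and escapes may differ.

```python
from fnmatch import fnmatchcase

# tls-host values copied from the rules in the reply above, keyed by log-prefix.
RULES = {
    "tls-forum": "forum.mikrotik.com",
    "tls-any": "*.mikrotik.com",
    "tls-any+m": "*m.mikrotik.com",
    "tls-w+any": "w*.mikrotik.com",
    "tls-any+m/w": "*[mw].mikrotik.com",
    "tls-3a-z": "[a-z][a-z][a-z].mikrotik.com",
    "tls-5a-z": "[a-z][a-z][a-z][a-z][a-z].mikrotik.com",
    # Regex-style value from the first post; assumed to reach the matcher
    # as ^www\.mikrotik\.com$ once the quoted string is unescaped.
    "regex-style": r"^www\.mikrotik\.com$",
}

# Constructed SNI host names, not captured traffic.
SAMPLE_HOSTS = ["forum.mikrotik.com", "www.mikrotik.com", "wiki.mikrotik.com",
                "mikrotik.com", "WWW.MikroTik.com"]


def matching_rules(sni, rules=RULES):
    """Return the log-prefixes whose glob matches the whole host name.

    Assumption: names are compared lower-cased, since DNS names are
    case-insensitive; the glob must cover the entire name, not a substring.
    """
    host = sni.rstrip(".").lower()
    return [prefix for prefix, glob in rules.items() if fnmatchcase(host, glob)]


def dead_rules(hosts, rules=RULES):
    """Return prefixes that match none of the hosts (candidates for review)."""
    hit = {p for h in hosts for p in matching_rules(h, rules)}
    return [p for p in rules if p not in hit]


if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(f"{h:22} -> {', '.join(matching_rules(h)) or '(no rule)'}")
    print("never matched:", ", ".join(dead_rules(SAMPLE_HOSTS)))
```

In this stand-in matcher `*.mikrotik.com` does not match the bare `mikrotik.com`, and the regex-style value matches none of the samples because `^`, `\` and `$` are compared as literal characters.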
 
msatter
Forum Guru
Topic Author
Posts: 1464
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: TLS Host glob format?

Thu Mar 26, 2020 7:45 pm

Thanks Sob but that help is really there if you are on one of the "\\" and press tab:
tlshost.JPG
I can enter the characters shown by help in the terminal (look at the orange $), and it is accepted on enter, but the Winbox interface shows a blank field.
tlshost1.JPG