Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Splits a single TCP port for a use with multiple services (in the spirit of sslh)

branch: master
README
This is Portsplit.


Introduction
----------------------------------------------------------------------
Portsplit is a simple TCP port multiplexer: it makes it possible to
run several services behind a unique TCP port. It is very comparable
to sslh since it relies on the first bytes sent by a connecting client
in order to decide what to do.

Unlike sslh, it does not understand a fixed and hardcoded number of
protocols: no protocol is hardcoded, but the user can define as many
protocols as they wants thanks to a configuration file. Additionally,
Portsplit can not only do port forwarding but can also fork a local
process and pipe the stdin/stdout from/to the socket. Portsplit can
also bind at once as many local addresses and ports as wanted.

For that, it should be more flexible than sslh.

For the story, its development was motivated by the need to reduce
detectionability of VPN traffic from Syria.

All comments and feedbacks are welcome:
KheOps <kheops [at] ceops [dot] eu>


Usage and configuration
----------------------------------------------------------------------
Just pass the path of the config file as argument to Portsplit:
$ portsplit <config-file>

A configuration example is provided in the examples/ directory and
shows usage examples of all existing options at the moment.

An unlimited number of services can be defined, and each service
definition starts with its name between brackets, e.g. "[myservice]"
alone on a line.

There are two special services:
- "fallback" is chosen when the client sent something that did not
  match any of the other services and has no chance to match any of
  them with more bytes;
- "timeout" is chosen when no service has matched nor was it sure that
  no service at all could be matched (in which case "fallback" would
  have been chosen) after a configurable amount of time since the
  client's connection.


Limitations
----------------------------------------------------------------------
Portsplit relies on the first bytes sent by a connecting client in
order to decide which service it should forward the connection to.

This means that Portsplit will not be able to take any decision
between two protocols in which the server is supposed to talk first. A
timeout parameter can be set in order to take action when a client did
not talk at all for some time after its connection.


Propaganda
----------------------------------------------------------------------
Make datalove, not cyberwar ~~~~~~~:)
Something went wrong with that request. Please try again.