Splits a single TCP port for a use with multiple services (in the spirit of sslh)
C M4 Makefile Shell
Latest commit 37aaf30 Dec 23, 2016 @kheops2713 We need gnu11 standard to support struct addrinfo
Signed-off-by: KheOps <kheops@ceops.eu>
Failed to load latest commit information.
include Basic Makefile.am in include/ to make sure header files are included … Sep 10, 2013
man Add EXTRA_DIST to Makefile.am in man/ to include portsplit.1 in distr… Oct 16, 2013
src We need gnu11 standard to support struct addrinfo Dec 23, 2016
ChangeLog Update ChangeLog with information on rc1. Oct 16, 2013
NEWS Add dummy files required by automake (I don't like this workaround) Sep 8, 2013
configure.ac Modify function fetching package version to strip off the initial par… Oct 16, 2013


This is Portsplit.

Portsplit is a simple TCP port multiplexer: it makes it possible to
run several services behind a unique TCP port. It is very comparable
to sslh since it relies on the first bytes sent by a connecting client
in order to decide what to do.

Unlike sslh, it does not understand a fixed and hardcoded number of
protocols: no protocol is hardcoded, but the user can define as many
protocols as they wants thanks to a configuration file. Additionally,
Portsplit can not only do port forwarding but can also fork a local
process and pipe the stdin/stdout from/to the socket. Portsplit can
also bind at once as many local addresses and ports as wanted.

For that, it should be more flexible than sslh.

For the story, its development was motivated by the need to reduce
detectionability of VPN traffic from Syria.

All comments and feedbacks are welcome:
KheOps <kheops [at] ceops [dot] eu>

Usage and configuration
Just pass the path of the config file as argument to Portsplit:
$ portsplit <config-file>

A configuration example is provided in the examples/ directory and
shows usage examples of all existing options at the moment.

An unlimited number of services can be defined, and each service
definition starts with its name between brackets, e.g. "[myservice]"
alone on a line.

There are two special services:
- "fallback" is chosen when the client sent something that did not
  match any of the other services and has no chance to match any of
  them with more bytes;
- "timeout" is chosen when no service has matched nor was it sure that
  no service at all could be matched (in which case "fallback" would
  have been chosen) after a configurable amount of time since the
  client's connection.

Portsplit relies on the first bytes sent by a connecting client in
order to decide which service it should forward the connection to.

This means that Portsplit will not be able to take any decision
between two protocols in which the server is supposed to talk first. A
timeout parameter can be set in order to take action when a client did
not talk at all for some time after its connection.

Make datalove, not cyberwar ~~~~~~~:)