Skip to content
/ portsplit Public

Splits a single TCP port for a use with multiple services (in the spirit of sslh)

License

GPL-3.0 license
35 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kheops2713/portsplit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

133 Commits
examples
examples
 
 
include
include
 
 
man
man
 
 
src
src
 
 
.gitignore
.gitignore
 
 
AUTHORS
AUTHORS
 
 
COPYING
COPYING
 
 
ChangeLog
ChangeLog
 
 
INSTALL
INSTALL
 
 
Makefile.am
Makefile.am
 
 
NEWS
NEWS
 
 
README
README
 
 
TODO
TODO
 
 
autogen.sh
autogen.sh
 
 
configure.ac
configure.ac
 
 

Repository files navigation

This is Portsplit.


Introduction
----------------------------------------------------------------------
Portsplit is a simple TCP port multiplexer: it makes it possible to
run several services behind a unique TCP port. It is very comparable
to sslh since it relies on the first bytes sent by a connecting client
in order to decide what to do.

Unlike sslh, it does not understand a fixed and hardcoded number of
protocols: no protocol is hardcoded, but the user can define as many
protocols as they wants thanks to a configuration file. Additionally,
Portsplit can not only do port forwarding but can also fork a local
process and pipe the stdin/stdout from/to the socket. Portsplit can
also bind at once as many local addresses and ports as wanted.

For that, it should be more flexible than sslh.

For the story, its development was motivated by the need to reduce
detectionability of VPN traffic from Syria.

All comments and feedbacks are welcome:
KheOps <kheops [at] ceops [dot] eu>


Usage and configuration
----------------------------------------------------------------------
Just pass the path of the config file as argument to Portsplit:
$ portsplit <config-file>

A configuration example is provided in the examples/ directory and
shows usage examples of all existing options at the moment.

An unlimited number of services can be defined, and each service
definition starts with its name between brackets, e.g. "[myservice]"
alone on a line.

There are two special services:
- "fallback" is chosen when the client sent something that did not
  match any of the other services and has no chance to match any of
  them with more bytes;
- "timeout" is chosen when no service has matched nor was it sure that
  no service at all could be matched (in which case "fallback" would
  have been chosen) after a configurable amount of time since the
  client's connection.


Limitations
----------------------------------------------------------------------
Portsplit relies on the first bytes sent by a connecting client in
order to decide which service it should forward the connection to.

This means that Portsplit will not be able to take any decision
between two protocols in which the server is supposed to talk first. A
timeout parameter can be set in order to take action when a client did
not talk at all for some time after its connection.


Propaganda
----------------------------------------------------------------------
Make datalove, not cyberwar ~~~~~~~:)

About

Splits a single TCP port for a use with multiple services (in the spirit of sslh)

Resources

Readme

License

GPL-3.0 license
Activity

Stars

35 stars

Watchers

3 watching

Forks

4 forks
Report repository

Releases

2 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages