-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathREADME
62 lines (46 loc) · 2.48 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
This is Portsplit.
Introduction
----------------------------------------------------------------------
Portsplit is a simple TCP port multiplexer: it makes it possible to
run several services behind a unique TCP port. It is very comparable
to sslh since it relies on the first bytes sent by a connecting client
in order to decide what to do.
Unlike sslh, it does not understand a fixed and hardcoded number of
protocols: no protocol is hardcoded, but the user can define as many
protocols as they wants thanks to a configuration file. Additionally,
Portsplit can not only do port forwarding but can also fork a local
process and pipe the stdin/stdout from/to the socket. Portsplit can
also bind at once as many local addresses and ports as wanted.
For that, it should be more flexible than sslh.
For the story, its development was motivated by the need to reduce
detectionability of VPN traffic from Syria.
All comments and feedbacks are welcome:
KheOps <kheops [at] ceops [dot] eu>
Usage and configuration
----------------------------------------------------------------------
Just pass the path of the config file as argument to Portsplit:
$ portsplit <config-file>
A configuration example is provided in the examples/ directory and
shows usage examples of all existing options at the moment.
An unlimited number of services can be defined, and each service
definition starts with its name between brackets, e.g. "[myservice]"
alone on a line.
There are two special services:
- "fallback" is chosen when the client sent something that did not
match any of the other services and has no chance to match any of
them with more bytes;
- "timeout" is chosen when no service has matched nor was it sure that
no service at all could be matched (in which case "fallback" would
have been chosen) after a configurable amount of time since the
client's connection.
Limitations
----------------------------------------------------------------------
Portsplit relies on the first bytes sent by a connecting client in
order to decide which service it should forward the connection to.
This means that Portsplit will not be able to take any decision
between two protocols in which the server is supposed to talk first. A
timeout parameter can be set in order to take action when a client did
not talk at all for some time after its connection.
Propaganda
----------------------------------------------------------------------
Make datalove, not cyberwar ~~~~~~~:)