Transport protocol agnostic way to multiplex ports and forward metainfo?

Transport protocol agnostic way to multiplex ports and forward metainfo?

Alexander Huemer
Hi,

Word of caution: I reference netfilter in this email, please bear with
me.

I would like to create a network service that is available on multiple
ports on multiple transport protocols.
Since opening a lot of ports on the application layer is inefficient, I
would prefer to multiplex on the network layer, like this:

                       +----- pf
                       V

--> TCP port 1001 -->--+
                       |
--> TCP port 1002 -->--+--> TCP port 1001
                       |
--> TCP port 1003 -->--+

                       +----- pf
                       V

--> UDP port 2001 -->--+
                       |
--> UDP port 2002 -->--+--> UDP port 2001
                       |
--> UDP port 2003 -->--+

[Same possibly for SCTP, DCCP, ...]

Additionally I would like to be able to know in the application on which
port the connection reached the system originally.

I am aware of the following mechanisms that allow what I want to do in
netfilter on Linux:

For TCP: Using a REDIRECT rule with a port range and getsockopt with
         SO_ORIGINAL_DST.

For UDP: Using a TPROXY rule with a port range and recvmsg, then consume
         the ancillary message that is provided.

For SCTP, DCCP, others: I don't know a way to do that in netfilter.

With pf, I don't know what the options are that I have.

So, my question is: In pf, is there a transport protocol agnostic way to
multiplex ports to an application, enabling the application to know on
which port the connection came in?

Any advice appreciated.

Kind regards,
-Alex
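The two Linux/netfilter mechanisms the post lists, shown as working code. This is an added example, not code from the original message and not an answer about pf: it assumes a REDIRECT rule steering TCP ports 1001-1003 to 1001 and a TPROXY rule steering UDP ports 2001-2003 to 2001, exactly as in the diagrams above. For TCP the application asks conntrack via `getsockopt(SO_ORIGINAL_DST)`; for UDP it enables `IP_TRANSPARENT` (required by TPROXY) and `IP_RECVORIGDSTADDR`, then reads the `IP_ORIGDSTADDR` control message that `recvmsg()` attaches. The control buffer in `build_sample_control()` is constructed by hand so the parsing path can run without a firewall in place; the function names are mine.

```c
/*
 * Added example (not from the original post): the Linux/netfilter side of
 * what the question describes. After a REDIRECT rule the accepted TCP socket
 * only sees the redirect target port, so the application asks conntrack for
 * the original destination with SO_ORIGINAL_DST. Under TPROXY for UDP the
 * socket must be IP_TRANSPARENT and opt in to IP_RECVORIGDSTADDR; the kernel
 * then attaches an IP_ORIGDSTADDR control message to every datagram.
 */
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* SO_ORIGINAL_DST lives in the kernel UAPI header; fall back to its known
 * value (80) so the file also builds where linux/netfilter_ipv4.h is absent. */
#if defined(__has_include)
# if __has_include(<linux/netfilter_ipv4.h>)
#  include <linux/netfilter_ipv4.h>
# endif
#endif
#ifndef SO_ORIGINAL_DST
# define SO_ORIGINAL_DST 80
#endif

/* Control buffer sized and aligned for one IP_ORIGDSTADDR message. */
union ctrl_buf {
    struct cmsghdr align;
    unsigned char bytes[CMSG_SPACE(sizeof(struct sockaddr_in))];
};

/* TCP + REDIRECT: original destination port (host order) of an accepted
 * connection, or -1 if the socket was not redirected / not under conntrack. */
int tcp_original_port(int fd)
{
    struct sockaddr_in orig;
    socklen_t len = sizeof orig;
    if (getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, &orig, &len) < 0)
        return -1;
    return ntohs(orig.sin_port);
}

/* UDP + TPROXY: prepare a bound UDP socket to receive foreign-destination
 * datagrams and to report their original destination. Needs CAP_NET_ADMIN. */
int udp_enable_origdst(int fd)
{
    int one = 1;
    if (setsockopt(fd, SOL_IP, IP_TRANSPARENT, &one, sizeof one) < 0)
        return -1;
    if (setsockopt(fd, SOL_IP, IP_RECVORIGDSTADDR, &one, sizeof one) < 0)
        return -1;
    return 0;
}

/* Walk the ancillary data of a msghdr filled by recvmsg() and return the
 * original destination port (host order), or -1 if no IP_ORIGDSTADDR
 * message is present. Pure over the msghdr, so it works on a constructed
 * buffer as well as on live traffic. */
int udp_original_port(struct msghdr *msg)
{
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c != NULL; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level == SOL_IP && c->cmsg_type == IP_ORIGDSTADDR) {
            struct sockaddr_in orig;
            memcpy(&orig, CMSG_DATA(c), sizeof orig);   /* payload may be unaligned */
            return ntohs(orig.sin_port);
        }
    }
    return -1;
}

/* Constructed sample: the control message the kernel would attach for a
 * datagram the client sent to 10.0.0.1:2003 before TPROXY steered it to 2001.
 * Returns the number of bytes to place in msg_controllen. */
size_t build_sample_control(union ctrl_buf *cb)
{
    struct sockaddr_in orig;
    memset(&orig, 0, sizeof orig);
    orig.sin_family = AF_INET;
    orig.sin_port = htons(2003);
    inet_pton(AF_INET, "10.0.0.1", &orig.sin_addr);

    memset(cb, 0, sizeof *cb);
    struct cmsghdr *c = &cb->align;
    c->cmsg_len = CMSG_LEN(sizeof orig);
    c->cmsg_level = SOL_IP;
    c->cmsg_type = IP_ORIGDSTADDR;
    memcpy(CMSG_DATA(c), &orig, sizeof orig);
    return CMSG_SPACE(sizeof orig);
}

int main(void)
{
    union ctrl_buf cb;
    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    msg.msg_control = cb.bytes;
    msg.msg_controllen = build_sample_control(&cb);
    printf("datagram originally sent to port %d\n", udp_original_port(&msg));
    return 0;
}
```

In a real server `udp_original_port()` is called on the `msghdr` returned by `recvmsg()` on the socket prepared with `udp_enable_origdst()`, and `tcp_original_port()` on each socket returned by `accept()`; both only give meaningful answers when the corresponding netfilter rule is in place, which is why the TCP helper returns -1 rather than a port on a plain, unredirected socket.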


