Further to my earlier article, I went ahead and developed this application. Here’s a beta!
File: tcp_tun.c
Version: 0.3-beta
Title: TCP reassembling client-server application
Date: 17 Aug 13
Author: Adam Palmer <adam [AT] sasdataservices [DOT] com>
URL: http://www.iodigitalsec.com/
Copyright 2009 Adam Palmer
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
1. Description
This software is a proxy client/server with the advantage that it is able to split a single
incoming connection to the proxy client into multiple TCP streams to the proxy server. The
proxy server will then reassemble these TCP streams into a single outbound connection to
the forward host.
2. Applications
a. Security – data sniffing.
b. Bandwidth – multiple TCP connections over multiple ISPs with iproute2, tc for both outgoing
AND incoming connections.
FTP (Passive), HTTP, SMTP, POP3 and OPENVPN! client/servers have all been tested across this
3. Installation
./configure && make
4. Usage
-L IP:port local listen
-R IP:port remote connect
-c client mode
-s server mode
-tX number of TCP connections
Binding to 0.0.0.0 is supported
Scenario:
A local machine has two equally weighted uplinks: http://www.iodigitalsec.com/
extending-tc-and-iproute2-linux-routing-split-access-multiple-uplinks
-multiple-isps-iptables-masquerading/
You have a Linux machine online with enough bandwidth, (111.111.111.111)
You want to pull a file from a remote host (222.222.222.222) via SCP (SSH on port 22).
You have access to run the tcp_tun in server mode on 111.111.111.111.
You have no access to 222.222.222.222
On your local machine, run:
tcp_tun -L 127.0.0.1:22 -R 111.111.111.111:1234 -c -t4
On your server (111.111.111.111), run:
tcp_tun -L 111.111.111.111:1234 -R 222.222.222.222:22 -s
Connect your SCP client to 127.0.0.1:22
-t4 should establish 2 TCP connections over each ISP where you have
two equally weighted uplinks. This is controlled by tc/iproute2 however.
The -L and -R modes operate in the same method as SIMPLEPROXY.
5. Benchmarks & Caveats
a. There is CPU processing power required to disassemble and reassemble the stream although this is minimal.
b. If one of the TCP threads is broken, the whole stream will fail
c. The overall connection will run as fast as the slowest of the TCP threads
I will run the client mode (-c) version on Windows XP under CYGWIN on my local PC. (Machine C)
I will run the server mode (-s) version on a remote debian server (217.10.156.X) (Machine X)
I will be attempting to pull a file via WINSCP from server 66.118.142.Y (Machine Y)
Further, I will establish an OPENVPN connection over the proxy.
Test 1:
Running simpleproxy on Machine X to bounce the connection through the same route that the tcp_tun will:
3 averages, download speed is 262.2KB/sec
Test 2:
Local PC: $ ./tcp_tun.exe -L 0.0.0.0:22 -R 217.10.156.X:5555 -c -t2
Machine X: # ./tcp_tun -L 0.0.0.0:5555 -R 66.118.142.Y:22 -s
-t2: 250.3KB/sec
-t4: 230.8KB/sec
-t6: 167.2KB/sec
-t8: 162.2KB/sec
-t10: 162.2KB/sec
-t16: 133.3KB/sec
-t32: 127.7KB/sec
-t64: 113.2KB/sec
The code is as follows and should be compiled with:
gcc -Wall -g -O2 -o tcp_tun tcp_tun.c -lpthread
You’ll need ‘getaddrinfo’ in the source directory on certain implications. The tool compiles successfully on Cygwin-latest and Debian Lenny gcc-4.3.2/2.6.28
tcp_tun-0.3-beta.c