
On a Linux-based system I need data incoming on a TCP port to be automatically redirected to 50 other local ports without going through user-space's send/recv. Each port needs to receive a copy of all incoming traffic. All ports are local to the same machine.

I've discarded the splice syscall due to the limit of one endpoint being a file. I guess that iptables is the right tool for this purpose, but I can't figure out the right syntax for this purpose. It should be something similar to:

iptables -t nat -A PREROUTING -p tcp --dport <in_port> -j REDIRECT --to-ports <out_port1>-<out_port50>

I wonder e.g. if the option -m multiport is needed.

Claudio
  • My first guess would have been to use the iptables `TEE` target, but [it doesn't work for stateful protocols like TCP](https://stackoverflow.com/questions/21633114/how-to-handle-mirroredduplicated-iptables-traffic-after-tee). – jotik Mar 14 '16 at 08:57
  • I thought I'd have to use `--match multiport`... – Claudio Mar 14 '16 at 09:10
  • Hmm... actually using `TEE` with mangling the destination port could work, but using a regular TCP socket (instead of a raw socket) for the endpoint would probably not work. I think you can't work around writing a userspace application for this. You could use the `tee` (`man 2 tee`) system call though. Have you seen [these](https://stackoverflow.com/questions/14190731/send-data-to-multiple-sockets-using-pipes-tee-and-splice) [questions](https://stackoverflow.com/questions/884934/does-linuxs-splice2-work-when-splicing-from-a-tcp-socket)? – jotik Mar 14 '16 at 09:24
  • Yes. Unfortunately `splice` works on a TCP socket, but the other endpoint can't be a socket (e.g. it must be a file/pipe). – Claudio Mar 14 '16 at 10:50
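
The userspace fan-out the comments converge on (splice(2) into a pipe, tee(2) once per extra receiver, splice each copy to its socket, so the payload never enters user memory), as an added C example that is not code from the question or any answer. Assumed: Linux, the caller already holds the accepted inbound socket and the 50 connected outbound sockets; the self-check uses AF_UNIX socketpairs in place of TCP and a constructed payload.

```c
#define _GNU_SOURCE            /* splice(2) and tee(2) are Linux extensions */
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>
/* Prototypes repeated so the file still builds if a header was seen first. */
ssize_t splice(int, loff_t *, int, loff_t *, size_t, unsigned int);
ssize_t tee(int, int, size_t, unsigned int);

/* Move one chunk (at most len bytes) from in_fd to every fd in out[] without
 * it entering user memory: splice in_fd -> pipe; for each receiver but the last,
 * tee the pipe into a scratch pipe and splice that out; the last receiver
 * drains the main pipe. Returns chunk size, 0 at EOF, -1 on error. */
ssize_t fanout_chunk(int in_fd, const int *out, int nout, size_t len)
{
    int mp[2], sp[2];
    if (pipe(mp) < 0) return -1;
    if (pipe(sp) < 0) { close(mp[0]); close(mp[1]); return -1; }
    ssize_t got = splice(in_fd, NULL, mp[1], NULL, len, 0);
    for (int i = 0; got > 0 && i < nout; i++) {
        int src = mp[0];
        if (i < nout - 1) {     /* tee copies buffers, mp keeps its data */
            if (tee(mp[0], sp[1], (size_t)got, 0) != got) { got = -1; break; }
            src = sp[0];
        }
        for (ssize_t left = got; left > 0; ) {  /* drain src into out[i] */
            ssize_t n = splice(src, NULL, out[i], NULL, (size_t)left, 0);
            if (n <= 0) { got = -1; break; }
            left -= n;
        }
    }
    close(mp[0]); close(mp[1]); close(sp[0]); close(sp[1]);
    return got;
}
/* Self-check: four AF_UNIX socketpairs stand in for TCP (p[0] is the source,
 * p[1..3] the sinks) and the payload is constructed. Returns 0 on success. */
int fanout_self_test(void)
{
    const char msg[] = "constructed sample payload"; char buf[sizeof msg];
    int p[4][2], outs[3];
    for (int i = 0; i < 4; i++)
        if (socketpair(AF_UNIX, SOCK_STREAM, 0, p[i]) < 0) return -1;
    for (int i = 0; i < 3; i++) outs[i] = p[i + 1][0];
    if (write(p[0][1], msg, sizeof msg) != (ssize_t)sizeof msg) return -1;
    if (fanout_chunk(p[0][0], outs, 3, 65536) != (ssize_t)sizeof msg) return -1;
    for (int i = 0; i < 3; i++)           /* every sink got the same bytes */
        if (read(p[i + 1][1], buf, sizeof buf) != (ssize_t)sizeof msg ||
            memcmp(buf, msg, sizeof msg)) return -1;
    close(p[0][1]);                       /* sender hangs up: next chunk is EOF */
    return fanout_chunk(p[0][0], outs, 3, 65536) == 0 ? 0 : -1;
}
```

A real forwarder calls fanout_chunk in a loop until it returns 0 or -1; a slow receiver blocks the whole fan-out, which is the cost of keeping the bytes out of userspace.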

0 Answers