HDDEMUX(1) | HDDEMUX(1) |
hddemux - demultiplexes incoming TCP connections between HTTP and DNS
hddemux
hddemux takes a set of listening stream-based file descriptors (see sd_listen_fds(3)) and accepts new connections on them.
When a new connection comes in, it decides from the first few octets whether the connection is HTTP/1.x or DNS. If it thinks it’s HTTP/1.x, it splices the connection to the HTTP_TARGET. If it thinks it’s DNS, it splices the connection to the DNS_TARGET.
HTTP_TARGET and DNS_TARGET should be either a DNS name or an IP address, optionally followed by a colon and a port number. If either variable is unset, it will default to “localhost”.
If the port number is not specified, HTTP_TARGET defaults to TCP port 80, and DNS_TARGET defaults to TCP port 53.
If HDDEMUX_DEBUG is set to a non-empty string, then it will send a lot of verbose debugging info to stderr.
IDLE_TIMEOUT is used to set the number of milliseconds that hddemux will permit a session to be in an open state with no traffic passing before it tries to close both sides. The default is 600000 (10 minutes). Set this variable to 0 to never try to do this kind of cleanup.
When hddemux receives SIGUSR1, it dumps an overview of the current state of the demuxer (configuration, outstanding established streams, etc) to stderr.
For systemd, you need a .socket unit file:
#/lib/systemd/hddemux.socket [Unit] Description=HTTP/1.x and DNS demuxer socket Documentation=man:hddemux(1) [Socket] ListenStream=/run/hddemux/socket [Install] WantedBy=sockets.target
and a .service unit file:
#/lib/systemd/hddemux.service [Unit] Description=HTTP/1.x and DNS demuxer service Documentation=man:hddemux(1) Requires=hddemux.socket [Service] Type=notify ExecStart=/usr/bin/hddemux WorkingDirectory=/run/hddemux/workdir User=hddemux Group=hddemux [Install] Also=hddemux.socket
Configuration can be done by overriding the .service file (e.g. with Service.Environment= entries). See the “edit” documentation in systemctl(1) and the “Overriding vendor settings” section of systemd.unit(5).
hddemux is designed to demultiplex HTTP/1.x from stream-based DNS. Trying to demultiplex other protocols (including HTTP/2 or later) is not advised. Please see draft-dkg-dprive-demux-dns-http for more information and analysis.
Note that this effectively acts as a stream redirector once the client’s first flight has been processed. It does this with no attempt to defend against stream redirection loops, so be careful not to redirect it to itself or it will eat all of your memory in infinite recursion.
sd_listen_fds(3), systemctl(1), systemd.unit(5), https://datatracker.ietf.org/doc/draft-dkg-dprive-demux-dns-http/
Daniel Kahn Gillmor <dkg@fifthhorseman.net>.
2017 May |