How to set up a persistent TCP gender-changer proxy?

The important question is, how will A react to loss of connection, or to connection being refused? Anything that just assumes that a single TCP connection will stay up forever is going to be fragile; that's just the nature of internet.

How about setting up the socat as a [x]inetd service?

You would set xinetd to listen in PORT-B, and start the socat -u TCP4-LISTEN:PORT-A,reuseaddr STDIO as soon as the B-side connects.

xinetd will pass the incoming traffic from B-side to standard input of socat, and catch the standard output of socat and pass it to the B-side.

If B disconnects, then the socat process can be allowed to end; xinetd will start a new one as soon as B connects again. While B is disconnected, A will be getting "connection refused" errors.

I once had to do something quite similar on an old HP-UX system.


The real world is messy.

In the real world sometimes TCP connections die, this may happen for example if a stateful firewall or NAT is rebooted, if the connection goes too long without traffic, if the underlying connection is down for too long.

Furthermore sometimes when connections die they don't die symmetrically. If a connection carrying a lot of data dies then it is likely that the sender will notice that it is dead long before the recipiant does so. This has a couple of side effects.

  • If the connection is initiated from sender to recipiant then a new connection may come in while the old connection is apparently still alive.
  • If the connection is initiated from recipiant to sender then there may be a substantial delay between the sender detecting the connection is broken and the recipiant detecting that fact and triggering a reconnection.

Furthermore TCP connections are a stream of bytes, NOT a stream of messages, so when your connection dies you may receive a partial message.

The net result of this leads me to conclude that a robust solution requires an understanding of the application protocol so that your solution can understand.

  1. How to splice the streams when a new connection comes in.
  2. Whether or not messages should be stored when the data source is connected by the data recipient is not.
  3. Whether an end to end acknowledgement mechanism is appropriate to prevent message loss.
  4. Whether some kind of application level "ping" mechanism is needed to speed up detection of dead connections.

Tags:

Proxy

Tcp

Socat

Related

Does it makes sense from a security perspective to remove the Server HTTP header? Is it possible to populate an S3 bucket through a CloudFormation template? Why do my SSD read latency benchmarks get markedly worse when I put an XFS filesystem on top? ESXi - Multiple Separate Concurrent Uplinks on vSwitch? How can I chown a file to a subuid without sudo DMARC and DKIM alignment with multiple DKIM signatures Is there a way to automatically add network interfaces to systemd-networkd and/or netplan? Why does postfix say 'Helo command rejected: Host not found' when dig finds the host? Why a pod can't connect to another network? (In the new version of Kubernetes) No space left on device even after adding a Persistence Storage on gcloud QSFP28 - is there something like a crossover cable? How to clear notifications in the Google Cloud Platform console?

Recent Posts