
TCL Port Dispatcher

Posted in

TCL beginner project

Sometimes it would be nice to run two network services on the same TCP port. The best example is ssh and https:

  • https (port 443) passes through most proxy servers, while ssh (port 22) does not
  • if ssh could run in parallel with the web server on that port, https would not have to be disabled to make ssh reachable.

To accomplish this, there is a small TCL script that does the following:

  • Bind to a given port and listen
  • When an incoming connection is established, look at what the client does first:
    • ssh clients send nothing: they wait for the server to send its identification string. At least this is the case with ssh on Ubuntu 10.04.
    • web browsers send a TLS client hello
  • Establish a tunnel to the ssh or web server, depending on the previous detection
  • disadvantage: the ssh detection does not work well under high load, because it relies on a timeout: a TLS client whose client hello arrives late looks exactly like a silent ssh client

The TLS client hello could be analyzed further: check that the first byte is 22 (0x16, the TLS handshake record type), check the TLS version and so on, but this is not necessary in this case. The scripts give an example of how to extract the TLS client hello information from the first request, so they could be adapted to other services which require a smarter approach.
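The detection and tunnelling steps above, plus the "smarter" client hello analysis, as an added example. This is not the page's Tcl script and not code from the author's repository; it is written in Python 3 (asyncio, standard library only) so that it can be run and tested stand-alone. Beyond what the page does, it also treats a client that sends an "SSH-" banner first as ssh, and pulls the SNI host name out of the client hello, which is the natural next step for dispatching "other services". The backend addresses, the 0.5 s sniffing timeout and the sample client hello built by build_client_hello are assumptions/constructed input.

```python
import asyncio
import struct

TLS_HANDSHAKE = 0x16     # first byte of a TLS handshake record (22 decimal)
TLS_CLIENT_HELLO = 0x01  # handshake message type ClientHello
SNI_EXTENSION = 0x0000   # server_name extension type

def parse_client_hello(data: bytes) -> dict:
    """Return record/client version and SNI of a TLS ClientHello, else ValueError."""
    try:
        if data[0] != TLS_HANDSHAKE:
            raise ValueError("not a TLS handshake record")
        record_version = (data[1], data[2])
        body = data[5:5 + struct.unpack("!H", data[3:5])[0]]
        if body[0] != TLS_CLIENT_HELLO:
            raise ValueError("handshake record is not a ClientHello")
        hs_len = int.from_bytes(body[1:4], "big")
        hello = body[4:4 + hs_len]
        if len(hello) < hs_len:
            raise ValueError("truncated ClientHello")
        client_version = (hello[0], hello[1])
        pos = 34                                               # version + random
        pos += 1 + hello[pos]                                  # session id
        pos += 2 + struct.unpack("!H", hello[pos:pos + 2])[0]  # cipher suites
        pos += 1 + hello[pos]                                  # compression methods
        sni = None
        if pos + 2 <= len(hello):                              # extensions are optional
            end = pos + 2 + struct.unpack("!H", hello[pos:pos + 2])[0]
            pos += 2
            while pos + 4 <= end:
                etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
                pos += 4
                if etype == SNI_EXTENSION and elen >= 5:
                    # server_name list: list_len(2) name_type(1) name_len(2) name
                    name_len = struct.unpack("!H", hello[pos + 3:pos + 5])[0]
                    sni = hello[pos + 5:pos + 5 + name_len].decode("ascii", "replace")
                pos += elen
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated or malformed ClientHello") from exc
    return {"record_version": record_version, "client_version": client_version, "sni": sni}

def classify(first_bytes: bytes) -> str:
    """Pick a backend from what the client sent first (b"" means it sent nothing)."""
    if not first_bytes or first_bytes.startswith(b"SSH-"):
        return "ssh"   # silent client, or one that sends its banner first (addition)
    try:
        parse_client_hello(first_bytes)
        return "tls"
    except ValueError:
        return "unknown"

def build_client_hello(server_name: str) -> bytes:
    """Constructed sample input: a minimal TLS 1.2 ClientHello with one SNI entry."""
    name = server_name.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", SNI_EXTENSION, len(sni)) + sni
    hello = (b"\x03\x03" + b"\x11" * 32 + b"\x00"   # version, random, empty session id
             + b"\x00\x02\xc0\x2f" + b"\x01\x00"    # one cipher suite, null compression
             + struct.pack("!H", len(exts)) + exts)
    hs = bytes([TLS_CLIENT_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return bytes([TLS_HANDSHAKE, 3, 1]) + struct.pack("!H", len(hs)) + hs

async def _pipe(reader, writer):
    try:
        while chunk := await reader.read(65536):
            writer.write(chunk)
            await writer.drain()
    finally:
        writer.close()

async def dispatch(client_r, client_w, ssh_addr, ssl_addr, timeout=0.5):
    """Sniff the first bytes, connect to the matching backend, relay both ways."""
    try:
        first = await asyncio.wait_for(client_r.read(4096), timeout)
    except asyncio.TimeoutError:
        first = b""   # nothing within the timeout: assume ssh (a slow TLS client looks the same)
    kind = classify(first)
    if kind == "unknown" or (not first and client_r.at_eof()):
        client_w.close()
        return
    host, port = ssh_addr if kind == "ssh" else ssl_addr
    backend_r, backend_w = await asyncio.open_connection(host, port)
    backend_w.write(first)   # replay the bytes consumed while sniffing
    await backend_w.drain()
    await asyncio.gather(_pipe(client_r, backend_w), _pipe(backend_r, client_w))

async def serve(listen_port, ssh_addr, ssl_addr):
    server = await asyncio.start_server(
        lambda r, w: dispatch(r, w, ssh_addr, ssl_addr), "0.0.0.0", listen_port)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    # Assumed layout: sshd on 127.0.0.1:22, the https server moved to 127.0.0.1:8443
    asyncio.run(serve(443, ("127.0.0.1", 22), ("127.0.0.1", 8443)))
```

Two points worth noticing: the bytes read while sniffing must be replayed to the backend, otherwise the https server never sees the start of the handshake; and the only evidence for "ssh" is silence, which is why the page's high-load caveat exists: raise the timeout and ssh logins get slower, lower it and late TLS clients get handed to sshd. A client hello that does not fit in the first read would also need to be accumulated before parsing.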

There are three versions of the script:

  • single-threaded
  • multi-threaded
  • multi-threaded with a thread pool

Usage

options:
 -p value             set the listening port for this program <>
 -ssh value           destination ssh server <>
 -ssl value           destination https web server <>
 -d value             debug level <0>
 -c                   start command line
 -b                   benchmark: use ssl only, no ssh detection
 -help                Print this message
 -?                   Print this message
  • -p (port), -ssh (IP address) and -ssl (IP address) are mandatory
  • the debug level can be between 0 (default) and 3.
  • -b is for Apache benchmarking: the ssh detection does not work well under high load, so this option disables ssh detection entirely and forwards every connection to the https server.
  • -c starts a command line, giving the opportunity to execute Tcl procedures and play around with some values, the debug level for example

Download

Use at your own risk: this is a beginner project, maybe it contains bugs and/or security vulnerabilities. You can view and download the script from my git repository: http://www.dl2keb.de/gitweb/?p=TCL/portdispatch;a=tree;

Use blob to view, raw to download the scripts.

some useful links