Welcome! Log In Create A New Profile


Re: Offload TCP traffic to another process

November 29, 2019 02:26AM
Hello experts,

Thanks for the quick response!
My name is Alon and I am working with Yoav in the new startup company.

I would like to clarify few things on our use-case in order to give you the information you need to help us doing the right thing with Nginx.

1. The application layer could be any protocol over TCP layer.
2. We need to do TLS termination in both directions, downstream and upstream.
3. The mirror traffic is not for raw packets, it should be done to the decrypted TCP content after the TLS termination(in both directions). 

So we thought on writing new stream module which works along side with the proxy_pass stream command. The new module register a handler on a stream content phase and copy the TCP content traffic to other process for offline analysis.
As Yoav mentioned, seems like there is only 1 handler in the content phase (which already taken by the proxy_pass stream). 

Do we need to re-write the ngx_stream_proxy_module for such mirror capabilities ?
Is there other better way to implement the use-case with Nginx?

Thanks, Alon
Subject Author Posted

Offload TCP traffic to another process

yoav.cohen November 28, 2019 03:33PM

Re: Offload TCP traffic to another process

Marcin Wanat November 28, 2019 05:40PM

Re: Offload TCP traffic to another process

alon.ludmer November 29, 2019 02:26AM

Re: Offload TCP traffic to another process

Patrick November 28, 2019 07:28PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 33
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready