[zorp] Telnet data or UDP packets?

Balazs Scheidler bazsi at balabit.hu
Thu Aug 7 10:07:14 CEST 2008


On Wed, 2008-08-06 at 19:16 +0200, Clement Fillon wrote:
> Dear Balazs Scheidler,
>  
> > What do you want to accomplish exactly?
> I would be happy if I could just log plain data separated by telnet
> session into different files (perhaps also separated by
> client => server and server => client).
>  
> Searching data seems indeed complicated as when I look into Wireshark
> each keystroke is a separate packet. Ideally I would like to check
> information so when a user sends for example "root" that the session
> just terminates. It does not need to be perfect because instead of
> root you could also send "r","o","o","s","del","t" but that does not
> matter much to me and changing server states or other special cases
> do not matter, too.

To save the traffic to disk you could increase the log level to 9 which
includes hexadecimal traffic dumps even in the telnet proxy, however
this is not very disk-space and performance friendly, but you could use
that. Our commercial offerings have something better, but I don't want
to write about that on the open source lists.

To terminate the connection based on byte sequences, this is not
currently supported. So you'd have to come up with an implementation.
The Linux kernel for instance has a textsearch implementation, that
offers multiple algorithms to do stream based searching. (look for the
text search API, in lib/ts_*.c in the linux kernel source tree).

>  
> > And about UDP: in Zorp, proxies are independent of the transport
> > protocol, so each proxy can be used to transfer both UDP and TCP
> > traffic. You can even convert between the two.
> Sounds very good! And how can I specify this conversion if I would
> want to do that?
> Do I need to set
> --enable-conntrack             Enable connection tracking for UDP based protocols
> at compile-time or does it work without this switch too?

This switch is not needed anymore and is currently unused. I've just
committed a patch to remove it.

There were some mailings on the 3.3 release of Zorp GPL, I'd recommend
using that, there were some important changes in 3.3 regarding UDP
support that make it more reliable.

-- 
Bazsi
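
The stream-based search suggested above, as an added example that is not part of the original message and is neither Zorp nor kernel code: a Knuth-Morris-Pratt matcher that carries its state from one chunk to the next, so a byte sequence split across one-keystroke packets is still found. The names `StreamMatcher` and `first_blocked_packet` are hypothetical, the packets are constructed, and telnet option negotiation bytes are not filtered out.

```python
class StreamMatcher:
    """Knuth-Morris-Pratt search over a byte stream that arrives in chunks."""

    def __init__(self, pattern: bytes):
        if not pattern:
            raise ValueError("pattern must not be empty")
        self.pattern = pattern
        self.fail = self._failure_table(pattern)
        self.state = 0  # pattern bytes matched so far, kept between chunks

    @staticmethod
    def _failure_table(p: bytes) -> list:
        # fail[i] = length of the longest proper prefix of p[:i+1]
        # that is also a suffix of it.
        fail = [0] * len(p)
        k = 0
        for i in range(1, len(p)):
            while k and p[i] != p[k]:
                k = fail[k - 1]
            if p[i] == p[k]:
                k += 1
            fail[i] = k
        return fail

    def feed(self, chunk: bytes) -> bool:
        """Consume one chunk; True as soon as the pattern completes."""
        for b in chunk:
            while self.state and b != self.pattern[self.state]:
                self.state = self.fail[self.state - 1]
            if b == self.pattern[self.state]:
                self.state += 1
            if self.state == len(self.pattern):
                self.state = self.fail[self.state - 1]
                return True  # caller is expected to end the session here
        return False


def first_blocked_packet(packets, pattern: bytes):
    """Index of the packet that completes the pattern, or None."""
    matcher = StreamMatcher(pattern)
    for index, payload in enumerate(packets):
        if matcher.feed(payload):
            return index
    return None


# Constructed client => server traffic, one keystroke per packet.
KEYSTROKES = [b"r", b"o", b"o", b"t", b"\r\n"]
# The evasion mentioned in the quoted message: "roos", DEL, "t".
WITH_DELETE = [b"r", b"o", b"o", b"s", b"\x7f", b"t", b"\r\n"]
```

The matcher sees raw bytes only, so the `WITH_DELETE` sequence passes unmatched, which is the limitation the quoted message already accepts.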


