Offload TCP traffic to another process

alon.ludmer nginx-forum at forum.nginx.org
Fri Nov 29 07:26:30 UTC 2019


Hello experts,

Thanks for the quick response!
My name is Alon and I am working with Yoav in the new startup company.

I would like to clarify few things on our use-case in order to give you the
information you need to help us doing the right thing with Nginx.

1. The application layer could be any protocol over TCP layer.
2. We need to do TLS termination in both directions, downstream and
upstream.
3. The mirror traffic is not for raw packets, it should be done to the
decrypted TCP content after the TLS termination(in both directions). 

So we thought on writing new stream module which works along side with the
proxy_pass stream command. The new module register a handler on a stream
content phase and copy the TCP content traffic to other process for
offline analysis.
As Yoav mentioned, seems like there is only 1 handler in the content phase
(which already taken by the proxy_pass stream). 

Do we need to re-write the ngx_stream_proxy_module for such mirror
capabilities ?
Is there other better way to implement the use-case with Nginx?

Thanks, Alon

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,286360,286364#msg-286364



More information about the nginx mailing list