Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

github.com/de-cix/udp-dtls-wrapper

Package Overview
Dependencies
Alerts
File Explorer
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

github.com/de-cix/udp-dtls-wrapper

  • v0.0.0-20240904112131-9e8ec3a5cfe8
  • Source
  • Go
  • Socket score

Version published
Created
Source

DE-CIX UDP-DTLS WRAPPER

This software provides functionality to a) pick up an UDP stream of data and transform it into an encrypted DTLS stream (bin/dtls-encrypter))and b) pick up an encrypted DTLS stream and transform it into an de-crypted UDP stream (bin/dtls-decrypter). This UDP-DTLS-wrapper finds application for encrypting IPFIX data trasported via UDP:2055 as a part of DE-CIX free-to-use product 'IPFIX Export'. Customers of that IXP can request their subset of IFPIX data generated by the peering platform. Their sensible data is encrypted on site and exported via DTLS. For decryption, the customers are free to use the hereby provided decrypter to reverse the encryption of their data. Exchange of key material is done automatically, so there is practically no overhead for the customer than to follow the steps given below. You can either compile the sources yourself, which requires a functioning Golang setup on your machine, or use thet pre-compiled binaries and jump right to the usage section. The pre-compiled binaries have been successfully tested on CentOS 7, kernel version 3.10.0-1160 and glibc version 2.17.

Setting up Go

According to the tutorial found here https://go.dev/doc/install the following steps must be taken to set up a Go environment for compilation

Compilation

To compile, run

In case of any trouble, please make sure that your Golang environment is properly configured ($GOPATH, $GOBIN, $GOROOT, etc.). Compilation verified on CentOS 7 (kernel 3.10.0-1160), Ubuntu 20.04 (kernel version 5.13.0-1031) Ubuntu 20.10 (kernel version 5.8.0-63-generic) with go version 1.13.3 and 1.16.

This will compile the DTLS decrypter for you. You can use the resulting file ("main") as described below.

Usage

  • Log in to the DE-CIX customer portal: https://portal.de-cix.net/
  • Click on 'Access & Services' in the top menu
  • Select the service you want to export IPFIX data for by clicking on the pen-icon / edit-icon
  • Switch to the 'Blackholing and Statistics' tab
  • Enter your public IPv4 address (e.g. 10.0.0.42) where it says 'IPFIX'
  • Hit 'Enable'
  • Launch the dtls-decrypter on the host with that public IPv4 address using ./bin/dtls-decrypter -listen 10.0.0.42, or in case of self-compilation: ./main -listen 10.0.0.4
  • You can also provide the dtls-decrypter with an optional argument using the -output flag to change the default destination of decrypted traffic, i.e.,, 127.0.0.1:2055 to any other IPv4 address or source port
  • Do not forget to switch off your requested IPFIX Exports if you do not need them anymore
  • You can now pick up your decrypted IPFIX data at the loopback interface on port 2055, or, if specified using -output : at any other IPv4 address on a configurable port

FAQs

Package last updated on 04 Sep 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc