Mallet is a TCP tunnel that works like VPN. This depends on jpillora/chisel for actual TCP tunneling.
Mallet works on:
- macOS
- Linux
Get a binary from https://github.com/ryotarai/mallet/releases
go get github.com/ryotarai/mallet
Example situation:
Laptop --> a.example.com --> 10.0.0.0/8
First, install chisel to a.example.com by following https://github.com/jpillora/chisel#install and run chisel server:
a.example.com$ chisel server --port 8080
(Keep this chisel process running)
Then, run Mallet and connect to the chisel server:
$ sudo mallet start --chisel-server http://a.example.com:8080 10.0.0.0/8
(Keep this mallet process running)
Now, all TCP traffic to 10.0.0.0/8 is forwarded via a.example.com.
Example situation:
Laptop --SSH--> a.example.com --> 10.0.0.0/8
First, install chisel to a.example.com by following https://github.com/jpillora/chisel#install
Second, launch chisel server on a.example.com and forward a port to the server:
$ ssh -t -L 8080:127.0.0.1:8080 a.example.com chisel server --host 127.0.0.1 --port 8080
(Keep this ssh process running)
Then, start Mallet:
$ sudo mallet start --chisel-server http://127.0.0.1:8080 10.0.0.0/8
(Keep this mallet process running)
Now, all TCP traffic to 10.0.0.0/8 is forwarded via a.example.com.
Throughput | |
---|---|
(D) Direct | 4.98 Gbits/sec |
(A) Mallet | 1.84 Gbits/sec |
(B) Mallet over SSH | 1.04 Gbits/sec |
(C) sshuttle | 0.279 Gbits/sec |
req/sec
Concurrency (== Threads) | 1 | 2 | 4 | 8 |
---|---|---|---|---|
(D) Direct | 10174.78 | 18137.10 | 30328.02 | 39130.81 |
(A) Mallet | 3560.81 | 6772.88 | 11054.35 | 15576.85 |
(B) Mallet over SSH | 2465.27 | 4434.10 | 6881.70 | 9767.50 |
(C) sshuttle | 2416.52 | 4254.54 | 5491.61 | 469.49 (socket write error: 14) |
avg latency
Concurrency (== Threads) | 1 | 2 | 4 | 8 |
---|---|---|---|---|
(D) Direct | 95.85us | 107.50us | 128.92us | 211.63us |
(A) Mallet | 279.71us | 295.74us | 368.46us | 526.68us |
(B) Mallet over SSH | 406.29us | 452.08us | 586.36us | 823.74us |
(C) sshuttle | 411.67us | 468.36us | 725.38us | 1.19ms |
- 3 c5.large instances (Amazon EC2)
- All traffic is in VPC.
- Mallet v0.0.2 (ulimit -n 2048)
- Chisel v1.6.0
- sshuttle v1.0.2
- iperf v2.0.13
- server:
iperf -s
- client:
iperf -c DEST
- server:
- nginx 1.18.0-0ubuntu1
- HTTP response is "Welcome to nginx" page (Content-Length is 612)
- Ubuntu 20.04
If Mallet is killed forcibly and it does not shutdown properly, packet redirection rules may remain.
In this case, you can clean them up by mallet cleanup
.
- https://github.com/sshuttle/sshuttle
- It supports UDP also.
- IPv6 support