Provided by: udptunnel_1.1-9_amd64 bug

NAME

       udptunnel - Tunnel UDP packets over a TCP connection

SYNTAX

       udptunnel -s TCP-port [-r] [-v] UDP-addr/UDP-port[/ttl]
       udptunnel -c TCP-addr[/TCP-port] [-r] [-v] UDP-addr/UDP-port[/ttl]

DESCRIPTION

       UDPTunnel  is  a  small  program  which can tunnel UDP packets bi-directionally over a TCP
       connection. Its  primary  purpose  (and  original  motivation)  is  to  allow  multi-media
       conferences to traverse a firewall which allows only outgoing TCP connections.

USAGE

       UDPTunnel  can  be  run  in  two  modes:  a client mode and a server mode. The client mode
       initiates the TCP connection before  relaying  UDP;  the  server  waits  for  an  incoming
       connection  before  doing so. After the TCP connection is established, the behavior of the
       two modes is identical. If you are using UDPTunnel to traverse  a  firewall  as  discussed
       above,  the  client  would be run inside the firewall, and the server would be run outside
       it.

OPTIONS

       -s TCP-port
              Server mode: If udptunnel is invoked with the -s option, it runs  in  server  mode:
              the server will wait for an incoming connection on the specified TCP port, and then
              relay UDP to and from it."

       -c TCP-addr[/TCP-port]
              Client mode: If udptunnel is invoked with the -c option, it runs in client mode: it
              will  open  a TCP connection to the specified TCP host and port, and then relay UDP
              on it. The TCP port may be omitted in this case; it will default to the  same  port
              number as the UDP port.

       -r     RTP  mode:  In  order  to  facilitate  tunneling  both  RTP  and RTCP traffic for a
              multi-media conference, this sets up relays on two consecutive TCP and  UDP  ports.
              All specified port numbers in this case must be even. Note that both the client and
              the server must use the -r flag for  this  to  work;  the  server  will  not  begin
              relaying packets until both its connections have been established.

       -v     Verbose  output:  This  flag  turns  on  verbose debugging output about UDPTunnel's
              actions. It may be given multiple  times.  With  a  single  -v,  information  about
              connection  establishment  is  printed on UDPTunnel's standard error stream; with a
              second one, per-packet information is also shown. Note that this  latter  case  can
              produce  a  prodigious  amount of information. If this flag is not given, UDPTunnel
              will remain silent unless an error occurs.

       One of the two options -c and -s must be given; if not, it is an error.

       In all cases, the UDP address and port to tunnel is given  after  all  options.  UDPTunnel
       will  listen  to this address for packets, and will send received packets on this address.
       The address may be a multicast address; in this case, a multicast TTL should be specified,
       and  tunneled  packets  will  be  sent  with  this TTL. All addresses, TCP and UDP, may be
       specified either as an IPv4 dotted-quad address (e.g. 224.2.0.1) or as a host  name  (e.g.
       conrail.cs.columbia.edu). Port numbers must be in the range of 1 to 65535; TTLs must be in
       the range 0 to 255.

PACKET FORMAT

       The packets are sent on TCP using the obvious, simple format: a sixteen-bit length  field,
       in network byte order, precedes each data packet. This format was proposed in early drafts
       of RTP for RTP-over-TCP, but was dropped from the final specification.

KNOWN BUGS/ISSUES

       UDPTunnel does not check incoming UDP packets to verify that they are indeed  coming  from
       the  address  which the user specified; it binds to INADDR_ANY, and accepts any UDP packet
       arriving on the specified port. This could potentially allow denial-of-service or spoofing
       attacks. If two or more -v options are given, per-packet identification will be printed of
       each packet's source address as it is received, allowing such a situation to be diagnosed.

       For multicast, UDPTunnel turns off packet loopback, as it has no way  to  distinguish  its
       own packets it sent out from packets genuinely arriving on the multicast group. This means
       that if you are tunneling traffic from or to a multicast group,  both  ends  of  UDPTunnel
       must  be run on different hosts than any member of the group. (In general, the only way to
       distinguish looped packets from packets genuinely received from other applications on  the
       local host is with application-layer labeling, as RTP does.)

       UDPTunnel  is designed to tunnel RTP-style traffic, in which applications send and receive
       UDP packets to  and  from  the  same  port  (or  pair  of  ports).  It  does  not  support
       request/response-style  traffic, in which a client request is sent from a transient port X
       to a well-known port Y, and the server's response is returned from port Y to port X.

       UDPTunnel deliberately ignores "Connection Refused" errors on the UDP port,  clearing  the
       socket  error  state, so that a tunnel may be set up before conferencing tools are started
       on both ends. This may mean that a mis-typed UDP address or port is not recognized, as  no
       error  is  printed.  If  two  or  more  -v options are given, a diagnostic will be printed
       whenever the error state is cleared from the socket.

       Once one endpoint of a tunnel is taken down, closing the socket, the other  one  exits  as
       well; to re-establish the tunnel, UDPTunnel must be restarted on both sides.

       IP version 6 is not supported.

AUTHORS

       UDPTunnel  was  written  by Jonathan Lennox <lennox@cs.columbia.edu>. It incorporates code
       written by Henning Schulzrinne <hgs@cs.columbia.edu>.

       This      manual       page       was       written       by       Thomas       Scheffczyk
       <thomas.scheffczyk@verwaltung.uni-mainz.de>,  for  the Debian GNU/Linux system (but may be
       used by others).