Userspace Networking with libuinet

libuinet was originally conceived as a way to bring highly scalable transparent proxy functionality to the free, portable TCP proxy WANProxy (http://wanproxy.org). To this end, libuinet extends the base FreeBSD TCP/IP stack feature set to include 'promiscuous sockets', which allow listens to capture connection attempts across VLANs (including nested), any IP address, and any port, admit/ignore those attempts based on an application-supplied filter, and retrieve the complete L2 and L3 details of admitted connections. Promiscuous socket functionality also allows active connections to fully specify their L2 and L3 identity. In this mode, libuinet has been shown to scale to 1 million active connections concurrent with 1 million listen sockets, with those million connections distributed in multiple ways across the VLAN and 4-tuple TCP addressing space.

Implementation of another extension to the stack, 'passive sockets', is currently underway and targeted for completion by the end of 1Q2014. Passive sockets provide for reassembly of both data streams in a TCP connection, along with a missing-frame notification mechanism, based on a copy of the packet stream flowing between the connection endpoints (e.g., via a SPAN port).

Packet I/O is accomplished via network interface drivers that plug into the bottom of the stack in the usual way, with a netmap interface being the current example. Providing additional interfaces is a straightforward exercise.

Care has been taken in the implementation to make the library self-contained and straightforward to keep up-to-date via merging in later FreeBSD releases, as well as to make it reasonably portable to other UNIX-like systems (and beyond, although with some additional effort).

libuinet is a useful building block for network infrastructure devices, including security, monitoring and WAN optimization applications, and is a potentially useful tool for network protocol research.