Reverse-engineering UniFi inform protocol for multi-tenant routing

UniFi inform protocol structure
Every UniFi device (access points, switches, gateways) phones home to its controller via HTTP POST to port 8080 every 10 seconds. This handles device stats, config sync, firmware versions, and client counts. While the payload is AES-128-CBC encrypted, the header contains plaintext device identification.
Packet header details
The first 40 bytes of every inform packet are unencrypted:
```
Offset  Size   Field
──────  ─────  ──────────────────────────
0       4B     Magic: "TNBU" (0x544E4255)
4       4B     Packet version (currently 0)
8       6B     Device MAC address
14      2B     Flags (encrypted, compressed, etc.)
16      2B     AES IV length
18      16B    AES IV
34      4B     Data version
38      4B     Payload length
42+     var    Encrypted payload (AES-128-CBC)
```
The MAC address at byte offset 8 is completely unencrypted. "TNBU" is "UBNT" backwards (Ubiquiti's ticker symbol and default SSH credentials).
MAC extraction and routing
Extracting the MAC requires minimal code:
```go
// Fragment: needs the "fmt" and "io" imports; conn is the device connection.
// Read the fixed-size plaintext header.
header := make([]byte, 40)
if _, err := io.ReadFull(conn, header); err != nil {
	return err
}
// Reject anything that does not start with the inform magic.
if string(header[0:4]) != "TNBU" {
	return fmt.Errorf("not an inform packet")
}
// The device MAC sits at offsets 8-13, in the clear.
mac := fmt.Sprintf("%02x:%02x:%02x:%02x:%02x:%02x",
	header[8], header[9], header[10],
	header[11], header[12], header[13])
```

With the MAC in hand, routing becomes simple: maintain a table mapping MAC addresses to tenants, then forward the entire packet (header and encrypted payload untouched) to the correct backend. The proxy can be implemented in about 200 lines of Go with an in-memory MAC-to-tenant lookup table.
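The lookup-and-forward step described above, as an added example (not code from the original article or its proxy). `Route`, `SamplePacket`, the tenant table contents and the backend name are assumptions, the sample packet is constructed, and rejecting unknown MACs is a choice made in this example.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
)

const headerLen = 40 // plaintext header size, as stated on this page

var ErrNotInform = errors.New("not an inform packet")
var ErrUnknownMAC = errors.New("no tenant for MAC")

// Route reads the plaintext header, looks the MAC up in tenants, and returns the
// backend plus a reader that replays the header and the untouched remainder.
// The proxy holds no keys and cannot verify the MAC, so unknown MACs are rejected.
func Route(body io.Reader, tenants map[string]string) (string, io.Reader, error) {
	header := make([]byte, headerLen)
	if _, err := io.ReadFull(body, header); err != nil {
		return "", nil, fmt.Errorf("short inform header: %w", err)
	}
	if !bytes.Equal(header[0:4], []byte("TNBU")) {
		return "", nil, ErrNotInform
	}
	mac := fmt.Sprintf("%02x:%02x:%02x:%02x:%02x:%02x",
		header[8], header[9], header[10], header[11], header[12], header[13])
	backend, ok := tenants[mac]
	if !ok {
		return "", nil, fmt.Errorf("%w: %s", ErrUnknownMAC, mac)
	}
	return backend, io.MultiReader(bytes.NewReader(header), body), nil
}

// SamplePacket builds a constructed packet: magic, MAC, and 0xA5 filler that
// stands in for the remaining header fields and the encrypted payload.
func SamplePacket(mac [6]byte) []byte {
	p := bytes.Repeat([]byte{0xA5}, headerLen+32)
	copy(p[0:4], "TNBU")
	copy(p[8:14], mac[:])
	return p
}

func main() {
	tenants := map[string]string{"02:00:00:aa:bb:01": "tenant-a.example:8080"} // hypothetical
	pkt := SamplePacket([6]byte{0x02, 0x00, 0x00, 0xaa, 0xbb, 0x01})
	backend, _, err := Route(bytes.NewReader(pkt), tenants)
	fmt.Println(backend, err)
}
```

Logging every `ErrUnknownMAC` with the source address gives an audit trail of devices that reached the proxy without a tenant mapping.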
Controller port overview
Other controller ports include:
- 8443 TCP/HTTPS: Web UI and API
- 3478 UDP: STUN
- 6789 TCP: Speed test (internal)
- 27117 TCP: MongoDB (internal)
- 10001 UDP: L2 discovery (local only)
The MAC-based routing primarily serves as a fallback for edge cases like devices that haven't been reconfigured yet or factory-reset devices re-adopting. Once adopted, devices can be pointed at tenant-specific subdomains using standard Host header routing.
📖 Read the full source: HN AI Agents