Open source • Python • AIS NMEA 0183

AISMixer

AIS stream processing and routing platform

Normalize · Deduplicate · Tag · Route · Forward

Receive AIS feeds, turn receiver traffic into one controlled logical stream, and deliver it to the UDP egress targets that need it.

AIS stream processing

From receiver traffic to a clean, source-aware feed

AISMixer keeps transport, NMEA assembly, metadata, deduplication, and delivery in one near-real-time processing path.

Flexible ingress

Receive plain UDP over IPv4 or IPv6, or authenticated encrypted UDPSEC station traffic.

AIS sentence extraction

Extract both !AIVDM and !AIVDO from realistic receiver and application output.

Multipart assembly

Reassemble multipart messages with NMEA fragment fields and a stable ingress assembler identity.

Near-real-time deduplication

Suppress repeated logical AIS messages globally in broadcast mode or per target in routing mode.

Controlled TAG metadata

Read and write NMEA TAG s, c, and g without confusing metadata with routing identity.

Selected forwarding

Forward the resulting logical stream to all configured outputs or only the named UDP egress targets selected by routing.

Routing and logical zones

Express stream policy with source identities

Static logical routing connects named ingress sources to named UDP egress targets through reusable source sets and ordered routes.

Named ingressUDP and UDPSEC sources
Logical zonesSets of source identities
Ordered routesDeclarative target selection
Named egressSelected UDP targets

Composable source sets

Define zones with include, union, intersection, and difference.

Logical, not geographic

Zones are sets of internal source identities—not map areas, MMSI filters, vessel filters, or payload rules.

Per-target stream quality

Routing mode scopes deduplication to each logical target, so one delivery path does not suppress another.

source_id is an internal routing identity. It is separate from the NMEA TAG s value emitted downstream.

Runtime routing control

Change active routes without interrupting the data plane

An optional local Unix-domain control plane exposes concise routing operations through the globally installed aismixerctl command.

Inspect routing status

See the active generation, enabled state, logical zones, ordered routes, and target identities.

Replace or disable atomically

Validate a complete candidate before swapping the immutable routing snapshot, or return to legacy broadcast mode.

Reject stale updates

Optional generation checks prevent an operator from overwriting a newer routing change unintentionally.

Deliberately local and process-scoped. Runtime routes are not persisted after restart, configuration files are not rewritten, and ingress or egress adapters are not created dynamically. Unix socket permissions are the current authorization boundary; there is no application-level control token.

Network endpoint controls

Constrain peers and outbound source addresses

Small application-level controls make IPv4 and IPv6 endpoints easier to place inside an operator’s wider firewall and routing policy.

Ingress allow_from

Restrict UDP and UDPSEC listeners to literal IP addresses or CIDR networks, with explicit deny-all behavior available.

Outbound source_ip

Bind an egress socket to a literal IPv4 or IPv6 source address and constrain destination resolution to the same family.

Part of a layered boundary

These policies complement operating-system firewall and routing rules; they do not replace them.

source_ip is source-address binding—not interface selection, routing-table selection, socket marking, or SDN.

nmea_sproxy and physical AIS receivers

Connect networked or physical AIS receivers through nmea_sproxy

nmea_sproxy is the station-side proxy that connects one local AIS source to one configured AISMixer destination.

Physical AIS receiver
serial port or USB virtual COM
nmea_sproxy
UDPSEC or explicitly trusted plain UDP
AISMixer

Implemented local inputs

  • UDP from a local networked receiver or AIS application.
  • Direct physical serial-port input.
  • USB virtual COM input from a physical AIS receiver.

Implemented outputs

  • Authenticated encrypted UDPSEC with liveness and reconnection.
  • Explicit plain UDP for a trusted LAN, VPN, or equivalent boundary.

Clear relation boundary

One local input maps to one configured output. nmea_sproxy does not mix, fan out, route, deduplicate, assemble multipart AIS, or rewrite TAG metadata.

A networked receiver can feed local UDP into nmea_sproxy or send UDP directly to AISMixer, depending on the deployment. The main AISMixer process does not read serial ports directly. Trusted plain UDP does not provide UDPSEC encryption, authentication, replay protection, or liveness.

Deployment and operations

A native Linux lifecycle built for real installations

The repository-managed deployment keeps runtime files, operator state, systemd integration, and local routing control aligned.

Repository-managed systemd

The native service provisions /run/aismixer while AISMixer is running and supports the optional local control socket.

Install, update, and uninstall

Privilege-aware lifecycle scripts handle root or sudo operation and maintain the deployed runtime and service units.

Operator state preserved

Normal install, update, and uninstall flows preserve operator configuration and cryptographic keys.

Global routing CLI

The installed workflow places aismixerctl in /usr/local/bin for local routing operations.

Documentation and project status

Implemented foundations, clearly separated from what comes next

The Wiki is the detailed guide to architecture, configuration, routing, security, and operations. The Roadmap tracks future work without promising dates.

Implemented now

  • Logical routing, zones, and target-scoped deduplication.
  • Runtime routing control with aismixerctl.
  • Endpoint ACLs and source-address binding.
  • Physical receiver input through nmea_sproxy.
  • UDPSEC and explicitly trusted plain-UDP proxy output.
  • Hardened native systemd deployment lifecycle.

Planned next

  • Docker deployment and expanded Quickstart material.
  • A coordinator process with ingress workers and egress workers.
  • IPC routing-state distribution and additional adapters.
  • Persistent runtime routing options and configuration reload.
  • Distributed or P2P routing development.
  • Spoof/anomaly research—not an implemented detector today.