2019-07-27 15:23:01 +02:00
|
|
|
|
2019-11-04 08:56:57 +01:00
|
|
|
Plumberd is a program to handle networking for all other software.
|
2019-07-27 15:23:01 +02:00
|
|
|
|
|
|
|
|
# WARNING
|
|
|
|
|
|
|
|
|
|
Security is TBD. Currently, only TCPd is implemented, which means no communication security.
|
|
|
|
|
|
2019-11-04 08:56:57 +01:00
|
|
|
# Plumberd functionalities
|
2019-07-27 15:23:01 +02:00
|
|
|
|
|
|
|
|
## firewall
|
|
|
|
|
|
2019-11-04 08:56:57 +01:00
|
|
|
`Plumberd` has to filter the connections to local services.
|
2019-07-27 15:23:01 +02:00
|
|
|
|
|
|
|
|
```Warning
|
|
|
|
|
WIP.
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
## authentication
|
|
|
|
|
|
2019-11-04 08:56:57 +01:00
|
|
|
`Plumberd` has to authenticate clients asking for a service.
|
2019-07-27 15:23:01 +02:00
|
|
|
|
|
|
|
|
```Warning
|
|
|
|
|
WIP.
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
## redirection
|
|
|
|
|
|
|
|
|
|
Central networking management allows for functionalities such as redirections.
|
|
|
|
|
For example, a local client asking for the authentication can be authenticated with a distant authentication service.
|
|
|
|
|
|
|
|
|
|
## encapsulation
|
|
|
|
|
|
|
|
|
|
```Warning
|
|
|
|
|
TBD. WIP.
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Configuration
|
|
|
|
|
|
|
|
|
|
Configuration is yet to be defined.
|
|
|
|
|
|
|
|
|
|
* redirection
|
|
|
|
|
* firewall
|
|
|
|
|
* authentication
|
|
|
|
|
|
|
|
|
|
# Usage
|
|
|
|
|
|
|
|
|
|
This program can be used as follow:
|
|
|
|
|
|
|
|
|
|
```sh
|
|
|
|
|
# with some static rules
|
2019-11-04 08:56:57 +01:00
|
|
|
plumberd --allow in authd tls:example.com --deny in * * --allow out pong tls:pong.example.com:9000
|
|
|
|
|
plumberd --redirect authd nextversion-authd
|
2019-07-27 15:23:01 +02:00
|
|
|
```
|
|
|
|
|
|
|
|
|
|
## usage examples
|
|
|
|
|
|
2019-11-04 08:56:57 +01:00
|
|
|
`plumberd` is requested each time a client is launched when the right environment variable is used.
|
2019-07-27 15:23:01 +02:00
|
|
|
For example, we want to connect to a distant `authd` service:
|
|
|
|
|
|
|
|
|
|
IPC_NETWORKD="authd tls://user@passwd:example.com:9000/authd"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
```Warning
|
2019-11-04 08:56:57 +01:00
|
|
|
Currently, the plumberd only works with tcp and unix routes.
|
2019-07-27 15:23:01 +02:00
|
|
|
```
|
|
|
|
|
|
|
|
|
|
IPC_NETWORKD="pongd tcp://example.com:9000/pongd"
|
|
|
|
|
|
|
|
|
|
# Changelog
|
|
|
|
|
|
2019-11-04 08:56:57 +01:00
|
|
|
* v0.1: (current) plumberd (redirections), tcpd
|
2019-07-27 15:23:01 +02:00
|
|
|
|
2019-11-04 08:56:57 +01:00
|
|
|
* `plumberd` understands URIs (`tcp://example.com/service` or `unix:///service`)
|
|
|
|
|
* `tcp` scheme is understood: `plumberd` contacts the `tcpd` service
|
|
|
|
|
* `unix` scheme is understood: `plumberd` performs a redirection
|
2019-07-27 15:23:01 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
# Roadmap
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* v0.2: webipcd, documentation
|
|
|
|
|
* v0.3: firewall + redirections
|
|
|
|
|
* v0.4: static configuration: default routes, authentication
|
|
|
|
|
* v0.5: tlsd built-in, pre-shared keys
|
|
|
|
|
* v0.6: udpd
|
|
|
|
|
* v1.0: TBD
|
|
|
|
|
|
|
|
|
|
|
2019-11-04 08:56:57 +01:00
|
|
|
# Plumberd explanations
|
2019-07-27 15:23:01 +02:00
|
|
|
|
2019-11-04 08:56:57 +01:00
|
|
|
1. client contacts `plumberd`
|
|
|
|
|
1. `plumberd` understand the request from the client then contacts the local service responsible for the communication protocol required
|
|
|
|
|
1. once the distant connection is established (between the two `tlsd` services for example) `plumberd` provides a file descriptor to the client
|
2019-07-27 15:23:01 +02:00
|
|
|
1. finally, the client can perform requests to the distant service transparently
|
|
|
|
|
|
|
|
|
|
during the connection:
|
|
|
|
|
|
2019-11-04 08:56:57 +01:00
|
|
|
client <-> plumberd <-> tlsd <=> tlsd <-> plumberd <-> service
|
2019-07-27 15:23:01 +02:00
|
|
|
|
|
|
|
|
then:
|
|
|
|
|
|
|
|
|
|
client <-> tlsd <=> tlsd <-> server
|
