110 lines
2.6 KiB
Markdown
110 lines
2.6 KiB
Markdown
|
|
ipcd is a program to handle networking for all other software.
|
|
|
|
# WARNING
|
|
|
|
Security is TBD. Currently, only TCPd is implemented, which means no communication security.
|
|
|
|
# ipcd functionalities
|
|
|
|
## firewall
|
|
|
|
`ipcd` has to filter the connections to local services.
|
|
|
|
```Warning
|
|
WIP.
|
|
```
|
|
|
|
## authentication
|
|
|
|
`ipcd` has to authenticate clients asking for a service.
|
|
|
|
```Warning
|
|
WIP.
|
|
```
|
|
|
|
## redirection
|
|
|
|
Central networking management allows for functionalities such as redirections.
|
|
For example, a local client asking for the authentication can be authenticated with a distant authentication service.
|
|
|
|
## encapsulation
|
|
|
|
```Warning
|
|
TBD. WIP.
|
|
```
|
|
|
|
|
|
# Configuration
|
|
|
|
Configuration is yet to be defined.
|
|
|
|
* redirection
|
|
* firewall
|
|
* authentication
|
|
|
|
# Usage
|
|
|
|
This program can be used as follow:
|
|
|
|
```sh
|
|
# with some static rules
|
|
ipcd --allow in authd tls:example.com --deny in * * --allow out pong tls:pong.example.com:9000
|
|
ipcd --redirect authd nextversion-authd
|
|
```
|
|
|
|
## usage examples
|
|
|
|
`ipcd` is requested each time a client is launched when the right environment variable is used.
|
|
For example, we want to connect to a distant `authd` service:
|
|
|
|
IPC_NETWORK="authd tls://user@passwd:example.com:9000/authd"
|
|
|
|
|
|
```Warning
|
|
Currently, the ipcd only works with tcp and unix routes.
|
|
```
|
|
|
|
IPC_NETWORK="pongd tcp://example.com:9000/pongd"
|
|
|
|
# Changelog
|
|
|
|
* v0.1: (current) ipcd (redirections), tcpd
|
|
|
|
* `ipcd` understands URIs (`tcp://example.com/service` or `unix:///service`)
|
|
* `tcp` scheme is understood: `ipcd` contacts the `tcpd` service
|
|
* `unix` scheme is understood: `ipcd` performs a redirection
|
|
|
|
* v0.2: websocketd is up and running, some documentation is available
|
|
|
|
* websocketd
|
|
* IPC services are accessible via WebSockets
|
|
* `websocketc` is an example of client for it, not requiring libipc
|
|
* documentation
|
|
* pongd is a service template, up and running,
|
|
|
|
# Roadmap
|
|
|
|
* v0.3: websocket scheme for clients, transparently usable through `ipcd`
|
|
* v0.4: firewall + redirections
|
|
* v0.5: static configuration: default routes, authentication
|
|
* v0.6: tlsd built-in, pre-shared keys
|
|
* v0.7: udpd
|
|
* v1.0: TBD
|
|
|
|
|
|
# ipcd explanations
|
|
|
|
1. client contacts `ipcd`
|
|
1. `ipcd` understand the request from the client then contacts the local service responsible for the communication protocol required
|
|
1. once the distant connection is established (between the two `tlsd` services for example) `ipcd` provides a file descriptor to the client
|
|
1. finally, the client can perform requests to the distant service transparently
|
|
|
|
during the connection:
|
|
|
|
client <-> ipcd <-> tlsd <=> tlsd <-> ipcd <-> service
|
|
|
|
then:
|
|
|
|
client <-> tlsd <=> tlsd <-> server
|