ipcd/README.md

Networkd is the program that handles networking on behalf of all other software: a client asks networkd for a service, and networkd takes care of reaching it.

WARNING

Security is TBD. Currently only tcpd is implemented, so connections are neither encrypted nor authenticated: anything sent over a tcp route travels in cleartext, and any peer that can reach the port can talk to the service. Do not expose services this way on an untrusted network.

Networkd functionalities

firewall

Networkd has to filter the connections to local services.

WIP.

authentication

Networkd has to authenticate clients asking for a service.

WIP.

redirection

Centralising network management makes features such as redirection possible. For example, a local client asking for authentication can be served by a distant authentication service instead of the local one.

encapsulation

TBD.  WIP.

Configuration

Configuration is yet to be defined. It will cover:

  • redirection
  • firewall
  • authentication

Usage

This program can be used as follows:

# with some static rules
networkd --allow in authd tls:example.com --deny in '*' '*' --allow out pong tls:pong.example.com:9000
networkd --redirect authd nextversion-authd
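
The static rule syntax above has no documented semantics yet (firewall and redirections are roadmap items), so the following is an added example, not networkd's own code, of how such a rule list could be parsed and evaluated. Everything beyond the syntax shown on this page is an assumption: rules are checked in order and the first match wins, a connection matching no rule is denied, and `*` is a glob over the service name or the endpoint string. The `decide` and `resolve` names are invented for the example.

```python
import fnmatch

# Added example, not networkd's code. Rule tuples: (action, direction, service, endpoint).
# Assumed semantics: first matching allow/deny rule wins, default deny, "*" is a glob.

def parse_rules(argv):
    """Turn ["--allow", "in", "authd", "tls:example.com", ...] into rule tuples."""
    rules = []
    i = 0
    while i < len(argv):
        flag = argv[i]
        if flag in ("--allow", "--deny"):
            if i + 3 >= len(argv):
                raise ValueError(f"{flag} needs <in|out> <service> <endpoint>")
            direction, service, endpoint = argv[i + 1:i + 4]
            if direction not in ("in", "out"):
                raise ValueError(f"bad direction {direction!r}, expected in or out")
            rules.append((flag[2:], direction, service, endpoint))
            i += 4
        elif flag == "--redirect":
            if i + 2 >= len(argv):
                raise ValueError("--redirect needs <service> <target>")
            rules.append(("redirect", None, argv[i + 1], argv[i + 2]))
            i += 3
        else:
            raise ValueError(f"unknown flag {flag!r}")
    return rules


def decide(rules, direction, service, endpoint):
    """Answer "allow" or "deny" for one connection. First match wins,
    and a connection that matches no rule is denied (assumed defaults)."""
    for action, rule_dir, rule_svc, rule_ep in rules:
        if action == "redirect" or rule_dir != direction:
            continue
        if fnmatch.fnmatchcase(service, rule_svc) and fnmatch.fnmatchcase(endpoint, rule_ep):
            return action
    return "deny"


def resolve(rules, service):
    """Follow --redirect entries (e.g. authd -> nextversion-authd).
    The `seen` set stops redirect loops instead of spinning forever."""
    seen = set()
    while service not in seen:
        seen.add(service)
        for action, _, src, dst in rules:
            if action == "redirect" and src == service:
                service = dst
                break
    return service


# The two command lines from this README, joined; "*" is already a token here,
# which is why the shell form above quotes it (an unquoted * would be globbed).
RULES = parse_rules(
    "--allow in authd tls:example.com --deny in * * "
    "--allow out pong tls:pong.example.com:9000 "
    "--redirect authd nextversion-authd".split()
)
```

With these rules an inbound connection to authd from tls:example.com is allowed, any other inbound connection hits `--deny in * *`, an outbound connection from pong to tls:pong.example.com:9000 is allowed, and any other outbound connection falls through to the assumed default deny.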

usage examples

networkd is consulted each time a client is launched with the IPC_NETWORKD environment variable set. For example, to connect to a distant authd service:

IPC_NETWORKD="authd tls://user:passwd@example.com:9000/authd"

Currently, networkd only works with tcp and unix routes (tls is a roadmap item, see the warning above), so a route that works today looks like this:

IPC_NETWORKD="pongd tcp://example.com:9000/pongd"

Credentials placed in IPC_NETWORKD are visible to every process running as the same user (through /proc/<pid>/environ on Linux), so treat the variable as a secret.
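
The following is an added example, not networkd's own parser, of how an IPC_NETWORKD value can be split into a route and mapped to what the changelog says networkd does with each scheme (tcp: contact tcpd; unix: local redirection). It also applies two checks a deployment would want: tls routes are recognised but flagged as not implemented in v0.1, and a tcp route carrying credentials is rejected because tcp gives no confidentiality. The dictionary field names, the `handler` values and `route_from_env` are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Added example, not ipcd's code. Field names and handler labels are assumptions.
HANDLER_BY_SCHEME = {"tcp": "tcpd", "tls": "tlsd (not implemented in v0.1)"}


def parse_route(value):
    """Parse one IPC_NETWORKD value of the form "<service> <uri>"."""
    service, _, uri = value.strip().partition(" ")
    if not service or not uri:
        raise ValueError("expected '<service> <uri>'")
    u = urlsplit(uri)

    if u.scheme == "unix":
        # unix:///service: no host part, the path names the local service
        target = u.path.strip("/")
        if u.netloc or not target:
            raise ValueError("unix route must look like unix:///<service>")
        return {"service": service, "scheme": "unix", "target": target,
                "handler": "redirect"}

    if u.scheme in HANDLER_BY_SCHEME:
        if not u.hostname:
            raise ValueError(f"{u.scheme} route needs a host")
        # .port raises ValueError when the authority is malformed, e.g. the
        # non-URI form user@passwd:host:port, where "passwd" becomes the host
        port = u.port
        if u.scheme == "tcp" and (u.username or u.password):
            # example policy: never put credentials on a cleartext transport
            raise ValueError("refusing credentials on a cleartext tcp route")
        return {"service": service, "scheme": u.scheme, "host": u.hostname,
                "port": port, "path": u.path.strip("/") or None,
                "username": u.username, "password": u.password,
                "handler": HANDLER_BY_SCHEME[u.scheme]}

    raise ValueError(f"unsupported scheme {u.scheme!r}")


def route_from_env(environ):
    """Read the route from an environment mapping; None when the variable is unset."""
    value = environ.get("IPC_NETWORKD")
    return None if value is None else parse_route(value)
```

Passing a mapping instead of reading `os.environ` directly keeps the function testable; a real client would call `route_from_env(os.environ)` at start-up and fall back to the local service when it returns None.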

Changelog

  • v0.1: (current) networkd (redirections), tcpd

    • networkd understands URIs (tcp://example.com/service or unix:///service)
    • tcp scheme is understood: networkd contacts the tcpd service
    • unix scheme is understood: networkd performs a redirection

Roadmap

  • v0.2: webipcd, documentation
  • v0.3: firewall + redirections
  • v0.4: static configuration: default routes, authentication
  • v0.5: tlsd built-in, pre-shared keys
  • v0.6: udpd
  • v1.0: TBD

Networkd explanations

  1. client contacts networkd

  2. networkd understands the request from the client, then contacts the local service responsible for the required communication protocol (tcpd for a tcp route, tlsd for a tls route)

  3. once the distant connection is established (between the two tlsd services, for example), networkd hands the client a file descriptor for that connection

  4. finally, the client uses that file descriptor to talk to the distant service transparently; networkd is no longer on the data path

    while the connection is being set up:

    client <-> networkd <-> tlsd <=> tlsd <-> networkd <-> service

    then:

    client <-> tlsd <=> tlsd <-> service
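
The hand-off in step 3 is what lets networkd drop out of the picture: the established connection is passed to the client as a file descriptor over the Unix socket (SCM_RIGHTS), after which the client and the service exchange bytes with nobody in between. The following is an added example, not ipcd's code, that simulates the four steps in one process with socketpairs: the control pair stands in for the client's connection to networkd, and `transport` stands in for the connection networkd obtained from tcpd or tlsd. The "OK" status byte string is an invented message format. It needs Python 3.9 or later on a Unix platform.

```python
import socket

# Added example, not ipcd's code: networkd establishes a connection on the
# client's behalf, passes the descriptor to the client with SCM_RIGHTS, and
# closes its own copy so it is no longer on the data path.

def networkd_handoff(route=b"pongd tcp://example.com:9000/pongd"):
    """Return (request seen by networkd, status sent to client, reply the
    client received directly from the service)."""
    # client <-> networkd control channel (would be the client's IPC socket)
    client_ctl, networkd_ctl = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    # stand-in for the connection tcpd/tlsd established towards the service
    transport, service = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        # 1. client contacts networkd with the route it wants
        client_ctl.sendall(route)
        request = networkd_ctl.recv(1024)

        # 2./3. networkd has the protocol daemon open the distant connection
        #       (here: `transport` already exists) and hands the descriptor to
        #       the client as ancillary data on the control channel ...
        socket.send_fds(networkd_ctl, [b"OK"], [transport.fileno()])
        # ... then drops its own copy: the kernel duplicated the descriptor
        #     for the receiver, so closing here does not close the connection
        transport.close()

        status, fds, _, _ = socket.recv_fds(client_ctl, 16, 1)
        direct = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM, fileno=fds[0])

        # 4. client talks to the service with networkd out of the path
        direct.sendall(b"ping")
        service.sendall(b"pong" if service.recv(4) == b"ping" else b"fail")
        reply = direct.recv(4)
        direct.close()
    finally:
        for s in (client_ctl, networkd_ctl, service):
            s.close()
    return request, status, reply


if __name__ == "__main__":
    print(networkd_handoff())
```

In the real deployment the duplicated descriptor lands in the client's process rather than the same one, which is exactly why networkd closing its copy matters: after the hand-off only the client and the far end hold the connection, so a compromise of networkd later on does not expose traffic already in flight.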