104 lines
2.3 KiB
Markdown
Networkd is a program to handle networking for all other software.
# WARNING
Security is TBD. Currently, only TCPd is implemented, which means no communication security.
# Networkd functionalities
## firewall
`Networkd` has to filter the connections to local services.
```Warning
WIP.
```

## authentication
`Networkd` has to authenticate clients asking for a service.
```Warning
WIP.
```

## redirection
Central networking management allows for functionalities such as redirections.
For example, a local client asking for authentication can be authenticated by a distant authentication service.
## encapsulation
```Warning
TBD. WIP.
```

# Configuration
Configuration is yet to be defined.
* redirection
* firewall
* authentication

# Usage
This program can be used as follows:
```sh
# with some static rules
networkd --allow in authd tls:example.com --deny in * * --allow out pong tls:pong.example.com:9000
networkd --redirect authd nextversion-authd
```
## usage examples
`networkd` is requested each time a client is launched with the right environment variable set.
For example, to connect to a distant `authd` service:

```sh
IPC_NETWORKD="authd tls://user@passwd:example.com:9000/authd"
```

```Warning
Currently, the networkd only works with tcp and unix routes.
```

```sh
IPC_NETWORKD="pongd tcp://example.com:9000/pongd"
```

# Changelog
* v0.1: (current) networkd (redirections), tcpd
  * `networkd` understands URIs (`tcp://example.com/service` or `unix:///service`)
  * `tcp` scheme is understood: `networkd` contacts the `tcpd` service
  * `unix` scheme is understood: `networkd` performs a redirection

# Roadmap
* v0.2: webipcd, documentation
* v0.3: firewall + redirections
* v0.4: static configuration: default routes, authentication
* v0.5: tlsd built-in, pre-shared keys
* v0.6: udpd
* v1.0: TBD

# Networkd explanations
1. client contacts `networkd`
2. `networkd` understands the request from the client, then contacts the local service responsible for the required communication protocol
3. once the distant connection is established (between the two `tlsd` services, for example), `networkd` provides a file descriptor to the client
4. finally, the client can perform requests to the distant service transparently

during the connection:

```
client <-> networkd <-> tlsd <=> tlsd <-> networkd <-> service
```

then:

```
client <-> tlsd <=> tlsd <-> server
```
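The four steps above, as an added illustration that is not networkd's own code: a Python stand-in for the broker parses an `IPC_NETWORKD`-style "service uri" request, refuses schemes it cannot serve, opens the `tcp` connection itself and hands the connected socket to the client over a Unix socket with `socket.send_fds` (SCM_RIGHTS), after which the broker steps out of the data path. The distant service is a constructed local echo server, and fd passing over a Unix socket is an assumption about how networkd delivers the descriptor.

```python
import socket
import threading
import urllib.parse

def broker(request: str, control: socket.socket) -> str:
    """Stand-in for networkd: parse "service uri", refuse routes it cannot
    serve, open the distant connection itself and pass the fd to the client."""
    service, uri = request.split(" ", 1)
    parsed = urllib.parse.urlsplit(uri)
    if parsed.scheme != "tcp":  # only tcp routes in this stand-in (tls is TBD)
        control.sendall(b"ERR unsupported scheme " + parsed.scheme.encode())
        return "unsupported"
    remote = socket.create_connection((parsed.hostname, parsed.port))
    # SCM_RIGHTS: the kernel duplicates the descriptor into the client's table
    socket.send_fds(control, [b"OK " + service.encode()], [remote.fileno()])
    remote.close()  # the client now owns its own copy; the broker steps aside
    return "passed"

def client(control: socket.socket, payload: bytes) -> bytes:
    """Receive the brokered socket, then talk to the service through it directly."""
    msg, fds, _, _ = socket.recv_fds(control, 1024, 1)
    if not msg.startswith(b"OK") or not fds:
        raise RuntimeError(msg.decode())
    with socket.socket(fileno=fds[0]) as conn:  # family/type read back from the fd
        conn.sendall(payload)
        return conn.recv(1024)

def _echo_once(listener: socket.socket) -> None:
    """Constructed stand-in for the distant service reached through tcpd."""
    conn, _ = listener.accept()
    with conn:
        conn.sendall(b"pong:" + conn.recv(1024))

def run_demo(scheme: str = "tcp") -> bytes:
    """Wire client, broker and service together; returns what the client got back."""
    with socket.socket() as listener:
        listener.bind(("127.0.0.1", 0))
        listener.listen(1)
        port = listener.getsockname()[1]
        a, b = socket.socketpair()  # local IPC channel between broker and client
        with a, b:
            if broker(f"pongd {scheme}://127.0.0.1:{port}/pongd", a) != "passed":
                return b.recv(1024)  # the client only ever sees the refusal
            threading.Thread(target=_echo_once, args=(listener,), daemon=True).start()
            return client(b, b"ping")

if __name__ == "__main__":
    print(run_demo())  # b'pong:ping'
```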