Plumberd is a program to handle networking for all other software.

# WARNING

Security is TBD.
Currently, only TCPd is implemented, which means no communication security.

# Plumberd functionalities

## firewall

`Plumberd` has to filter the connections to local services.

```Warning
WIP.
```

## authentication

`Plumberd` has to authenticate clients asking for a service.

```Warning
WIP.
```

## redirection

Central networking management allows for functionalities such as redirections.
For example, a local client asking for authentication can be authenticated by a distant authentication service.

## encapsulation

```Warning
TBD. WIP.
```

# Configuration

Configuration is yet to be defined.

* redirection
* firewall
* authentication

# Usage

This program can be used as follows:

```sh
# with some static rules
# ('*' is quoted so the shell passes it to plumberd instead of expanding it)
plumberd --allow in authd tls:example.com --deny in '*' '*' --allow out pong tls:pong.example.com:9000
plumberd --redirect authd nextversion-authd
```

## usage examples

`plumberd` is requested each time a client is launched with the right environment variable set.

For example, we want to connect to a distant `authd` service:

    IPC_NETWORKD="authd tls://user@passwd:example.com:9000/authd"

```Warning
Currently, `plumberd` only works with tcp and unix routes.
```

    IPC_NETWORKD="pongd tcp://example.com:9000/pongd"

# Changelog

* v0.1: (current) plumberd (redirections), tcpd
  * `plumberd` understands URIs (`tcp://example.com/service` or `unix:///service`)
  * `tcp` scheme is understood: `plumberd` contacts the `tcpd` service
  * `unix` scheme is understood: `plumberd` performs a redirection

# Roadmap

* v0.2: webipcd, documentation
* v0.3: firewall + redirections
* v0.4: static configuration: default routes, authentication
* v0.5: tlsd built-in, pre-shared keys
* v0.6: udpd
* v1.0: TBD

# Plumberd explanations

1. client contacts `plumberd`
1. `plumberd` understands the request from the client, then contacts the local service responsible for the communication protocol required
1. once the distant connection is established (between the two `tlsd` services for example) `plumberd` provides a file descriptor to the client
1. finally, the client can perform requests to the distant service transparently

during the connection:

    client <-> plumberd <-> tlsd <=> tlsd <-> plumberd <-> service

then:

    client <-> tlsd <=> tlsd <-> server
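
The `IPC_NETWORKD` routes from the usage examples can be checked before a client is launched. The sketch below is an added example, not code from the plumberd project: it assumes each value has the form `<service> <scheme>://<authority>/<path>` as in the examples above, and the function name and finding labels are hypothetical.

```python
import re

# Schemes the v0.1 changelog says plumberd understands.
IMPLEMENTED = {"tcp", "unix"}

# Assumed shape of one IPC_NETWORKD value, taken from the README examples:
# "<service> <scheme>://<authority>/<path>"
ROUTE_RE = re.compile(
    r"^(?P<service>\S+)\s+"
    r"(?P<scheme>[a-z][a-z0-9+.-]*)://"
    r"(?P<authority>[^/]*)(?P<path>/.*)?$",
    re.IGNORECASE,
)


def audit_route(value):
    """Return (service, scheme, findings) for one IPC_NETWORKD value."""
    m = ROUTE_RE.match(value.strip())
    if m is None:
        raise ValueError(f"not a '<service> <uri>' route: {value!r}")
    scheme = m["scheme"].lower()
    findings = []
    if scheme not in IMPLEMENTED:
        # The README warns that only tcp and unix routes currently work.
        findings.append("scheme-not-implemented")
    if scheme == "tcp":
        # The README warns that tcpd means no communication security.
        findings.append("plaintext-transport")
    if "@" in m["authority"]:
        # Userinfo in the URI ends up in the process environment,
        # which child processes inherit.
        findings.append("credentials-in-environment")
    return m["service"], scheme, findings


if __name__ == "__main__":
    # Constructed sample values, modelled on the README examples.
    samples = [
        "authd tls://user@passwd:example.com:9000/authd",
        "pongd tcp://example.com:9000/pongd",
        "authd unix:///authd",
    ]
    for value in samples:
        service, scheme, findings = audit_route(value)
        print(f"{service:6} {scheme:5} {', '.join(findings) or 'ok'}")
```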