Networkd is a program to handle networking for all other software.

# WARNING

Security is TBD. Currently, only `tcpd` is implemented: traffic goes over plain TCP, with no confidentiality, integrity or peer authentication.

# Networkd functionalities

## firewall

`Networkd` has to filter the connections to local services.

```Warning
WIP.
```

## authentication

`Networkd` has to authenticate clients asking for a service.

```Warning
WIP.
```

## redirection

Central networking management allows for functionalities such as redirections. For example, a local client asking for authentication can be served by a distant authentication service.

## encapsulation

```Warning
TBD. WIP.
```

# Configuration

Configuration is yet to be defined.

* redirection
* firewall
* authentication

# Usage

This program can be used as follows:

```sh
# static rules: filter incoming and outgoing connections by service and route
networkd --allow in authd tls:example.com --deny in * * --allow out pong tls:pong.example.com:9000

# redirection: requests for `authd` are served by `nextversion-authd` instead
networkd --redirect authd nextversion-authd
```

## usage examples

`networkd` is consulted each time a client is launched with the `IPC_NETWORKD` environment variable set. For example, to connect to a distant `authd` service:

```sh
IPC_NETWORKD="authd tls://user:passwd@example.com:9000/authd"
```

Credentials placed in an environment variable are inherited by every child process and readable by any process running as the same user, so treat such a route as a secret.

```Warning
Currently, networkd only works with tcp and unix routes.
```

```sh
IPC_NETWORKD="pongd tcp://example.com:9000/pongd"
```

# Changelog

* v0.1: (current) networkd (redirections), tcpd
  * `networkd` understands URIs (`tcp://example.com/service` or `unix:///service`)
  * `tcp` scheme is understood: `networkd` contacts the `tcpd` service
  * `unix` scheme is understood: `networkd` performs a redirection

# Roadmap

* v0.2: webipcd, documentation
* v0.3: firewall + redirections
* v0.4: static configuration: default routes, authentication
* v0.5: tlsd built-in, pre-shared keys
* v0.6: udpd
* v1.0: TBD

# Networkd explanations

1. the client contacts `networkd`
1. `networkd` understands the request from the client, then contacts the local service responsible for the required communication protocol
1. once the distant connection is established (between the two `tlsd` services, for example), `networkd` provides a file descriptor to the client
1. finally, the client can perform requests to the distant service transparently for the duration of the connection

During setup:

```
client <-> networkd <-> tlsd <=> tlsd <-> networkd <-> service
```

then, once the file descriptor has been handed over:

```
client <-> tlsd <=> tlsd <-> service
```
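The following is an added example, not networkd's own code, covering the two mechanisms described above: the route strings and static `--allow`/`--deny` rules from the Usage section, and the file-descriptor handoff from the explanations. A `networkd` stand-in parses an `IPC_NETWORKD`-style route, checks it against the rules, and passes the transport's file descriptor to the client with `SCM_RIGHTS`, after which the client talks to the service directly. Assumptions not stated on the page: rules are evaluated first match wins with a default of deny, a rule route `scheme:host` also matches `scheme:host:port`, and the socketpair standing in for the connection that `tcpd`/`tlsd` would establish is a constructed stand-in. Requires Python 3.9+ on a Unix platform (`socket.send_fds` / `socket.recv_fds`).

```python
"""Added example (not networkd's code): route parsing, static rules and
SCM_RIGHTS handoff in one process. Rule semantics are assumed: first match
wins, default deny; the README's firewall is still WIP."""
import socket
import threading
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

SUPPORTED_SCHEMES = {"tcp", "unix"}  # per the README: tcp and unix routes only


@dataclass(frozen=True)
class Route:
    service: str
    scheme: str
    host: Optional[str]
    port: Optional[int]
    path: str

    def key(self) -> str:
        """'scheme:host[:port]' form, comparable with --allow/--deny rule routes."""
        if self.scheme == "unix":
            return f"unix:{self.path}"
        return f"{self.scheme}:{self.host}" + (f":{self.port}" if self.port else "")


def parse_route(value: str) -> Route:
    """Parse '<service> <uri>', e.g. 'pongd tcp://example.com:9000/pongd'."""
    service, uri = value.split(maxsplit=1)
    u = urlsplit(uri)
    if u.scheme not in SUPPORTED_SCHEMES:
        raise ValueError(f"unsupported scheme {u.scheme!r}")
    if u.scheme == "tcp" and not u.hostname:
        raise ValueError("tcp route needs a host")
    return Route(service, u.scheme, u.hostname, u.port, u.path)


@dataclass(frozen=True)
class Rule:
    action: str     # allow | deny
    direction: str  # in | out
    service: str    # service name or *
    route: str      # scheme:host[:port] or *


def parse_rules(argv: list) -> list:
    """Parse the README's CLI shape: --allow|--deny <in|out> <service> <route> ..."""
    rules = []
    for i in range(0, len(argv), 4):
        flag, direction, service, route = argv[i:i + 4]
        if flag not in ("--allow", "--deny") or direction not in ("in", "out"):
            raise ValueError(f"bad rule: {argv[i:i + 4]}")
        rules.append(Rule(flag[2:], direction, service, route))
    return rules


def decide(rules: list, direction: str, service: str, key: str) -> str:
    """First matching rule wins; no match means deny (fail closed)."""
    for r in rules:
        if r.direction != direction or r.service not in ("*", service):
            continue
        if r.route != "*" and key != r.route and not key.startswith(r.route + ":"):
            continue
        return r.action
    return "deny"


def service(sock: socket.socket) -> None:
    """Stand-in for the distant service: answers one request with a 'pong:' prefix."""
    with sock:
        data = sock.recv(1024)
        if data:  # empty read: networkd refused the route and closed the transport
            sock.sendall(b"pong:" + data)


def networkd(ctl: socket.socket, transport: socket.socket, rules: list) -> None:
    """networkd stand-in: parse, filter, then hand the transport fd to the client."""
    with ctl, transport:
        try:
            route = parse_route(ctl.recv(1024).decode())
        except ValueError as e:
            ctl.sendall(f"ERR {e}".encode())
            return
        if decide(rules, "out", route.service, route.key()) != "allow":
            ctl.sendall(b"ERR denied by firewall")  # fail closed: no fd is sent
            return
        # SCM_RIGHTS duplicates the fd into the client; networkd's own copy is
        # closed when this block ends, so it leaves the data path entirely.
        socket.send_fds(ctl, [b"OK"], [transport.fileno()])


def run_demo(route: str, rules_argv: list, payload: bytes = b"ping") -> bytes:
    """Run client, networkd and service in one process; return the client's reply."""
    client_ctl, networkd_ctl = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    # Constructed stand-in for the connection tcpd/tlsd would establish.
    transport, remote = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    threads = [threading.Thread(target=service, args=(remote,)),
               threading.Thread(target=networkd,
                                args=(networkd_ctl, transport, parse_rules(rules_argv)))]
    for t in threads:
        t.start()
    with client_ctl:
        client_ctl.sendall(route.encode())
        msg, fds, _flags, _addr = socket.recv_fds(client_ctl, 1024, 1)
    if not fds:
        reply = msg
    else:
        with socket.socket(fileno=fds[0]) as conn:  # client <-> service, no networkd
            conn.sendall(payload)
            reply = conn.recv(1024)
    for t in threads:
        t.join()
    return reply


if __name__ == "__main__":
    demo_rules = ["--allow", "out", "pongd", "tcp:example.com:9000", "--deny", "out", "*", "*"]
    print(run_demo("pongd tcp://example.com:9000/pongd", demo_rules))
```

The refusal paths never send a descriptor: a rejected route gets an error message on the control socket and the transport is closed, which is what the client should expect from a firewall that fails closed.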