Plumberd is a program to handle networking for all other software.
WARNING
Security is TBD. Currently, only TCPd is implemented, which means no communication security.
Plumberd functionalities
firewall
Plumberd has to filter the connections to local services.
WIP.
authentication
Plumberd has to authenticate clients asking for a service.
WIP.
redirection
Central networking management allows for functionalities such as redirections. For example, a local client asking for authentication can be authenticated by a distant authentication service.
encapsulation
TBD. WIP.
Configuration
Configuration is yet to be defined.
- redirection
- firewall
- authentication
Usage
This program can be used as follows:
# with some static rules
plumberd --allow in authd tls:example.com --deny in * * --allow out pong tls:pong.example.com:9000
plumberd --redirect authd nextversion-authd
usage examples
plumberd is contacted each time a client is launched with the right environment variable set.
For example, we want to connect to a distant authd service:
IPC_NETWORKD="authd tls://user:passwd@example.com:9000/authd"
Currently, plumberd only works with tcp and unix routes.
IPC_NETWORKD="pongd tcp://example.com:9000/pongd"
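A pre-launch check for IPC_NETWORKD values like the ones above, as an added example that is not part of plumberd. It assumes the `<service> <uri>` layout shown in these examples and the v0.1 scheme handling listed in the changelog (tcp goes to tcpd, unix is a redirection, tls is roadmap only); `audit_route` and the finding labels are hypothetical names.

```python
from urllib.parse import urlsplit

# Scheme handling in plumberd v0.1 as this README describes it (assumption:
# nothing else is routed yet; "tls" appears only on the roadmap).
HANDLERS = {"tcp": "tcpd", "unix": "redirection"}
PLAINTEXT = {"tcp"}  # README warning: tcpd means no communication security


def audit_route(value):
    """Audit one IPC_NETWORKD value laid out as '<service> <uri>'.

    Returns (service, handler, findings). handler is None when v0.1 does
    not handle the scheme. audit_route and the finding labels are
    hypothetical names, not part of plumberd.
    """
    parts = value.split()
    if len(parts) != 2:
        raise ValueError("expected '<service> <uri>'")
    service, uri = parts
    url = urlsplit(uri)
    findings = []
    try:
        url.port  # raises ValueError when the authority does not parse
    except ValueError:
        findings.append("malformed-authority")
    handler = HANDLERS.get(url.scheme)
    if handler is None:
        findings.append("scheme-not-implemented")
    if url.scheme in PLAINTEXT:
        findings.append("plaintext-transport")
    if url.username or url.password:
        # Environment variables are inherited by every child process.
        findings.append("credentials-in-environment")
    return service, handler, findings


# Constructed sample values, modelled on the examples in this README.
SAMPLES = [
    "pongd tcp://example.com:9000/pongd",
    "pongd unix:///pongd",
    "authd tls://user:passwd@example.com:9000/authd",
    "authd tcp://user:passwd@example.com:9000/authd",
    "authd tls://user@passwd:example.com:9000/authd",  # userinfo misplaced
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", audit_route(sample))
```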
Changelog
- v0.1: (current) plumberd (redirections), tcpd
  - plumberd understands URIs (tcp://example.com/service or unix:///service)
  - tcp scheme is understood: plumberd contacts the tcpd service
  - unix scheme is understood: plumberd performs a redirection
Roadmap
- v0.2: webipcd, documentation
- v0.3: firewall + redirections
- v0.4: static configuration: default routes, authentication
- v0.5: tlsd built-in, pre-shared keys
- v0.6: udpd
- v1.0: TBD
Plumberd explanations
- client contacts plumberd
- plumberd understands the request from the client, then contacts the local service responsible for the communication protocol required
- once the distant connection is established (between the two tlsd services for example), plumberd provides a file descriptor to the client
- finally, the client can perform requests to the distant service transparently
during the connection:
client <-> plumberd <-> tlsd <=> tlsd <-> plumberd <-> service
then:
client <-> tlsd <=> tlsd <-> server