Luka Vandervelden bbe015ccf1
Networkd is a program to handle networking for all other software.
WARNING
Security is TBD. Currently, only TCPd is implemented, which means no communication security.
Networkd functionalities
firewall
Networkd has to filter the connections to local services.
WIP.
authentication
Networkd has to authenticate clients asking for a service.
WIP.
redirection
Central networking management allows for functionalities such as redirections. For example, a local client asking for authentication can be authenticated by a distant authentication service.
encapsulation
TBD. WIP.
Configuration
Configuration is yet to be defined.
- redirection
- firewall
- authentication
Usage
This program can be used as follows:
# with some static rules
networkd --allow in authd tls:example.com --deny in * * --allow out pong tls:pong.example.com:9000
networkd --redirect authd nextversion-authd
usage examples
networkd is requested each time a client is launched when the right environment variable is used.
For example, we want to connect to a distant authd service:
IPC_NETWORKD="authd tls://user@passwd:example.com:9000/authd"
Currently, networkd only works with tcp and unix routes.
IPC_NETWORKD="pongd tcp://example.com:9000/pongd"
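An added example, not networkd's own code: a small checker for IPC_NETWORKD values that applies the v0.1 scheme handling this README describes (tcp goes to tcpd, unix is a redirection) and flags routes without transport security. The name `parse_route`, the returned fields, the warning strings and the rejection of every other scheme are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# v0.1 behaviour from this README: tcp -> tcpd service, unix -> redirection.
# Assumption: every other scheme (tls included) is rejected for now.
HANDLERS = {"tcp": "tcpd", "unix": "redirection"}
PLAINTEXT = {"tcp"}  # README warning: TCPd means no communication security


def parse_route(value):
    """Parse 'SERVICE URI' as used in IPC_NETWORKD; raise ValueError if unusable."""
    fields = value.split()
    if len(fields) != 2:
        raise ValueError(f"expected 'service uri', got {value!r}")
    service, uri = fields
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme not in HANDLERS:
        raise ValueError(f"scheme {scheme!r} is not handled in v0.1")
    if scheme == "tcp" and not parts.hostname:
        raise ValueError("tcp route needs a host")
    if scheme == "unix" and (parts.netloc or not parts.path.strip("/")):
        raise ValueError("unix route must look like unix:///service")
    warnings = []
    if scheme in PLAINTEXT:
        warnings.append("plaintext transport")
    if parts.username or parts.password:
        warnings.append("credentials embedded in URI")
    return {
        "service": service,
        "handler": HANDLERS[scheme],
        "host": parts.hostname,
        "port": parts.port,  # raises ValueError on a non-numeric port
        "path": parts.path,
        "warnings": warnings,
    }


if __name__ == "__main__":
    # Constructed sample values, modelled on the ones in this README.
    for sample in ("pongd tcp://example.com:9000/pongd",
                   "authd unix:///authd",
                   "authd tls://user@passwd:example.com:9000/authd"):
        try:
            print(sample, "->", parse_route(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```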
Changelog
- v0.1: (current) networkd (redirections), tcpd
  - networkd understands URIs (tcp://example.com/service or unix:///service)
  - tcp scheme is understood: networkd contacts the tcpd service
  - unix scheme is understood: networkd performs a redirection
Roadmap
- v0.2: webipcd, documentation
- v0.3: firewall + redirections
- v0.4: static configuration: default routes, authentication
- v0.5: tlsd built-in, pre-shared keys
- v0.6: udpd
- v1.0: TBD
Networkd explanations
- client contacts networkd
- networkd understands the request from the client then contacts the local service responsible for the communication protocol required
- once the distant connection is established (between the two tlsd services for example) networkd provides a file descriptor to the client
- finally, the client can perform requests to the distant service transparently
during the connection:
client <-> networkd <-> tlsd <=> tlsd <-> networkd <-> service
then:
client <-> tlsd <=> tlsd <-> server