cunicu/docs/Design.md
Steffen Vogel 1c1ddcea1d fix typos in Markdown files
Signed-off-by: Steffen Vogel <post@steffenvogel.de>
2022-05-04 12:39:02 +02:00

Design

Objectives

  • Use the WebRTC perfect negotiation pattern
  • Support Trickle ICE
  • Support ICE restart
  • Support ICE-TCP
  • Encrypt exchanged ICE offers with Wireguard keys
  • Seamless switching between ICE candidates and relays
  • Zero configuration
    • Relieve users from exchanging endpoint IPs & ports
  • Enable direct communication between Wireguard peers behind NAT / UDP-blocking firewalls
  • Single-binary, zero-dependency installation
  • Support for user-space and kernel-space Wireguard implementations
  • Zero performance impact
    • Kernel-side filtering / redirection of Wireguard traffic
    • Fallback to user-space proxying only if no kernel features are available
  • Minimized attack surface
    • Drop privileges after initial configuration
  • Compatible with existing Wireguard configuration utilities like:
  • Monitoring for new Wireguard interfaces and peers
    • Inotify for new UAPI sockets in /var/run/wireguard
    • Netlink subscription for link updates (patch is pending)

  • RFC6544 TCP Candidates with Interactive Connectivity Establishment (ICE)
  • RFC8838 Trickle ICE: Incremental Provisioning of Candidates for the Interactive Connectivity Establishment (ICE) Protocol
  • RFC8445 Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal
  • RFC8863 Interactive Connectivity Establishment Patiently Awaiting Connectivity (ICE PAC)
  • RFC8839 Session Description Protocol (SDP) Offer/Answer Procedures for Interactive Connectivity Establishment (ICE)
  • RFC6062 Traversal Using Relays around NAT (TURN) Extensions for TCP Allocations
  • RFC8656 Traversal Using Relays around NAT (TURN): Relay Extensions to Session Traversal Utilities for NAT (STUN)
  • RFC8489 Session Traversal Utilities for NAT (STUN)
  • RFC8866 SDP: Session Description Protocol
  • RFC3264 An Offer/Answer Model with the Session Description Protocol (SDP)
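The objective "Encrypt exchanged ICE offers with Wireguard keys" rests on the fact that Wireguard keys are Curve25519 keys, so the same key pair a peer already has can perform an X25519 agreement with the remote peer's public key and protect the signaling channel without any extra key material. The following Go program is an added illustration of that idea and is not cunicu's own code, wire format or key schedule: the AES-256-GCM choice, the SHA-256 derivation with the label `example-wg-signaling-v0`, the `base64(nonce || ciphertext)` envelope, the function names and the sample SDP offer are all assumptions made here. It uses only the Go standard library (`crypto/ecdh`, Go 1.20+).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// Constructed sample (not a real capture, not cunicu's format): a minimal SDP offer.
const sampleOffer = "v=0\r\na=ice-ufrag:exampleUfrag\r\na=ice-pwd:examplePasswordExample\r\n" +
	"a=candidate:1 1 udp 2130706431 192.0.2.10 51820 typ host\r\n"

// directionalAEAD parses base64 WireGuard keys (Curve25519, hence usable for X25519
// as-is), runs the Diffie-Hellman exchange and derives an AES-256-GCM key for one
// direction. Hashing sender and receiver public keys in a fixed order gives each
// direction its own key, so an envelope reflected back to its author is rejected.
func directionalAEAD(ourPrivB64, peerPubB64 string, sending bool) (cipher.AEAD, error) {
	privBytes, err1 := base64.StdEncoding.DecodeString(ourPrivB64)
	pubBytes, err2 := base64.StdEncoding.DecodeString(peerPubB64)
	if err := errors.Join(err1, err2); err != nil {
		return nil, err
	}
	priv, err1 := ecdh.X25519().NewPrivateKey(privBytes) // rejects keys that are not 32 bytes
	peerPub, err2 := ecdh.X25519().NewPublicKey(pubBytes)
	if err := errors.Join(err1, err2); err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(peerPub) // fails on low-order peer points (all-zero output)
	if err != nil {
		return nil, err
	}
	sender, receiver := priv.PublicKey().Bytes(), pubBytes
	if !sending {
		sender, receiver = receiver, sender
	}
	h := sha256.New()
	h.Write([]byte("example-wg-signaling-v0")) // hypothetical domain-separation label
	h.Write(shared)
	h.Write(sender)
	h.Write(receiver)
	block, err := aes.NewCipher(h.Sum(nil)) // 32-byte digest selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealOffer encrypts an offer from the holder of ourPrivB64 for the peer with
// public key peerPubB64. Envelope layout: base64(nonce || ciphertext).
func SealOffer(ourPrivB64, peerPubB64, offer string) (string, error) {
	aead, err := directionalAEAD(ourPrivB64, peerPubB64, true)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(aead.Seal(nonce, nonce, []byte(offer), nil)), nil
}

// OpenOffer decrypts an envelope that the peer with public key peerPubB64 sealed
// for the holder of ourPrivB64; tampering or the wrong direction fails here.
func OpenOffer(ourPrivB64, peerPubB64, sealed string) (string, error) {
	aead, err := directionalAEAD(ourPrivB64, peerPubB64, false)
	if err != nil {
		return "", err
	}
	raw, err := base64.StdEncoding.DecodeString(sealed)
	ns := aead.NonceSize()
	if err != nil || len(raw) < ns+aead.Overhead() {
		return "", errors.New("malformed envelope")
	}
	plain, err := aead.Open(nil, raw[:ns], raw[ns:], nil)
	if err != nil {
		return "", errors.New("offer rejected: authentication failed")
	}
	return string(plain), nil
}

// GenerateWGKeyPair returns a base64 (private, public) pair as `wg genkey` / `wg pubkey` do.
func GenerateWGKeyPair() (string, string, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return "", "", err
	}
	return base64.StdEncoding.EncodeToString(priv.Bytes()),
		base64.StdEncoding.EncodeToString(priv.PublicKey().Bytes()), nil
}

func main() {
	aPriv, aPub, _ := GenerateWGKeyPair()
	bPriv, bPub, _ := GenerateWGKeyPair()
	sealed, _ := SealOffer(aPriv, bPub, sampleOffer)
	offer, err := OpenOffer(bPriv, aPub, sealed)
	fmt.Println(err == nil && offer == sampleOffer) // B can read A's offer
}
```

Two points a practitioner should take from this construction. First, deriving a separate key per direction (sender key hashed before receiver key) is what makes a reflected envelope fail authentication; a single shared key for both directions would not give that. Second, authenticated encryption alone does not stop replay: a captured envelope decrypts just as well the second time, so the offer carried inside needs something like an ICE restart counter or session identifier that the receiver checks against state, which is outside the scope of this example.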