mirror of
https://codeberg.org/cunicu/cunicu.git
synced 2025-11-03 02:13:22 +08:00
# Design

## Objectives

- Support [Trickle ICE]
- Support ICE restart
- Support [ICE-TCP]
- Sign and verify ICE offers with WireGuard keys (via [XEdDSA] signature scheme for Curve25519 key pairs)
- Seamless switch between ICE candidates and relays
- Zero configuration
  - Relieve users of exchanging endpoint IPs & ports
- Enables direct communication of WireGuard peers behind NAT / UDP-blocking firewalls
- Single-binary, zero dependency installation
  - Bundled ICE agent & WireGuard userspace daemon
- Portability
  - Support for user and kernel-space WireGuard implementations
- Zero performance impact
  - Kernel-side filtering / redirection of WireGuard traffic
  - Fallback to userspace proxying only if no kernel features are available
- Minimized attack surface
  - Drop privileges after initial configuration
- Compatible with existing WireGuard configuration utilities like:
  - [NetworkManager]
  - [systemd-networkd]
  - [wg-quick]
  - [kilo]
- Monitoring for new WireGuard interfaces and peers
  - Inotify for new UAPI sockets in `/var/run/wireguard`
  - Netlink subscription for link updates