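<!doctype html>
<html lang="en" dir="ltr" class="docs-wrapper docs-doc-page docs-version-current plugin-docs plugin-id-default docs-doc-id-design">
<head>
<meta charset="UTF-8">
<!-- NOTE(review): the generator tag tells every visitor the exact site-generator version in use. -->
<meta name="generator" content="Docusaurus v2.1.0">
<!-- Page metadata. The data-rh attributes are kept exactly as generated (presumably markers of the head manager; confirm before editing by hand). -->
<title data-rh="true">Design | cunīcu</title>
<meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1">
<meta data-rh="true" name="twitter:card" content="summary_large_image">
<meta data-rh="true" property="og:url" content="https://cunicu.li/docs/design">
<meta data-rh="true" name="docusaurus_locale" content="en">
<meta data-rh="true" name="docsearch:language" content="en">
<meta data-rh="true" name="docusaurus_version" content="current">
<meta data-rh="true" name="docusaurus_tag" content="docs-default-current">
<meta data-rh="true" name="docsearch:version" content="current">
<meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-current">
<meta data-rh="true" property="og:title" content="Design | cunīcu">
<meta data-rh="true" name="description" content="Architecture">
<meta data-rh="true" property="og:description" content="Architecture">
<link data-rh="true" rel="icon" href="/img/favicon.png">
<link data-rh="true" rel="canonical" href="https://cunicu.li/docs/design">
<link data-rh="true" rel="alternate" href="https://cunicu.li/docs/design" hreflang="en">
<link data-rh="true" rel="alternate" href="https://cunicu.li/docs/design" hreflang="x-default">
<!-- Blog feeds -->
<link rel="alternate" type="application/rss+xml" href="/blog/rss.xml" title="cunīcu RSS Feed">
<link rel="alternate" type="application/atom+xml" href="/blog/atom.xml" title="cunīcu Atom Feed">
<!-- preconnect takes an origin, not a resource URL: only the connection to the analytics host is warmed up here, the tracker script itself is requested later by the inline loader. -->
<link rel="preconnect" href="https://matomo.0l.de">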
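<!--
  Matomo analytics bootstrap. Tracking is skipped when the browser signals Do Not Track.
  NOTE(review): piwik.js is fetched at runtime from another origin (matomo.0l.de) and injected
  without Subresource Integrity, so that host is trusted to run script on this page. Serving a
  pinned copy from the site's own origin, or restricting script sources with a Content Security
  Policy, narrows that trust. The inline scripts on this page would need a nonce or hash under
  a strict policy.
-->
<script>
  (function () {
    // Debug switch; it is reset on every load, so the debug branches below stay inactive.
    window.dev = undefined;

    var dntRequested = navigator.doNotTrack === "1" || window.doNotTrack === "1";
    if (window.dev !== true && dntRequested) {
      return;
    }

    // Command queue consumed by the tracker script once it has loaded.
    window._paq = window._paq || [];
    window._paq.push(["setTrackerUrl", "https://matomo.0l.de/piwik.php"]);
    window._paq.push(["setSiteId", "5"]);
    window._paq.push(["enableHeartBeatTimer"]);
    window.start = new Date();

    // Insert the tracker script ahead of the first script element in the document.
    var loader = document.createElement("script");
    var firstScript = document.getElementsByTagName("script")[0];
    loader.type = "text/javascript";
    loader.async = true;
    loader.defer = true;
    loader.src = "https://matomo.0l.de/piwik.js";
    firstScript.parentNode.insertBefore(loader, firstScript);

    if (window.dev === true) {
      console.debug("[Matomo] Tracking initialized");
      console.debug("[Matomo] matomoUrl: https://matomo.0l.de, siteId: 5");
    }
  })();
</script>
<!-- KaTeX stylesheet from a public CDN: pinned to an exact version and verified with SRI. -->
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.13.24/dist/katex.min.css" integrity="sha384-odtC+0UGzzFL/6PNoE8rX/SPcQDXBJ+uRepguP4QkPCm2LBxH3FA3y+fKSiJ+AmM" crossorigin="anonymous">
<link rel="stylesheet" href="/assets/css/styles.31713120.css">
<link rel="preload" href="/assets/js/runtime~main.0d972120.js" as="script">
<link rel="preload" href="/assets/js/main.d3aebcf9.js" as="script">
</head>
<body class="navigation-with-keyboard" data-theme="light">
<!--
  No-script fallback for the page-view counter. The previous version put JavaScript statements
  inside a noscript element in the head: they never run, and with scripting disabled they are
  parsed as plain text. Inside head, noscript may only hold link, style and meta elements, so the
  pixel lives here in the body as static markup with this page's canonical URL.
  NOTE(review): a static pixel cannot read navigator.doNotTrack; whether a Do Not Track request
  header is honoured depends on the analytics server configuration (confirm).
-->
<noscript><img src="https://matomo.0l.de/piwik.php?idsite=5&amp;rec=1&amp;url=https%3A%2F%2Fcunicu.li%2Fdocs%2Fdesign" alt="" style="border:0"></noscript>
<script>
  // Apply the stored colour theme before first paint. The stored value is written with
  // setAttribute, so it is handled as attribute data and never parsed as markup.
  (function () {
    var storedTheme = null;
    try {
      storedTheme = localStorage.getItem("theme");
    } catch (err) {
      // Storage can be unavailable (for example blocked by the browser); use the default.
    }
    document.documentElement.setAttribute("data-theme", storedTheme !== null ? storedTheme : "light");
  })();
</script>
<div id="__docusaurus">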
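<!-- Skip link: labelled in plain language and pointed at the main element, so it also works before the scripts have loaded. -->
<div role="region" aria-label="Skip to main content"><a href="#main-content" class="skipToContent_fXgn">Skip to main content</a></div>
<!-- Top navigation bar. Every link that opens a new tab on this page carries rel="noopener noreferrer". -->
<nav class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Navigation bar toggle" class="navbar__toggle clean-btn" type="button" tabindex="0"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><div class="navbar__logo"><img src="/img/cunicu_icon.svg" alt="cunīcu logo" class="themedImage_ToTc themedImage--light_HNdA"><img src="/img/cunicu_icon.svg" alt="cunīcu logo" class="themedImage_ToTc themedImage--dark_i4oU"></div><b class="navbar__title text--truncate">cunīcu</b></a><a aria-current="page" class="navbar__item navbar__link navbar__link--active" href="/docs">Docs</a><a class="navbar__item navbar__link" href="/blog">Blog</a></div><div class="navbar__items navbar__items--right"><a href="https://github.com/stv0g/cunicu" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><div class="searchBox_ZlJk"><div class="dsla-search-wrapper"><div class="dsla-search-field" data-tags="default,docs-default-current"></div></div></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav>
<div class="main-wrapper mainWrapper_z2l0 docsWrapper_BCFX"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docPage__5DB">
<!-- Documentation sidebar -->
<aside class="theme-doc-sidebar-container docSidebarContainer_b6E3"><div class="sidebar_njMd"><nav class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list">
<li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs">Welcome</a></li>
<li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/install">Installation</a></li>
<li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/config">Configuration</a></li>
<li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/config-reference">Configuration Reference</a></li>
<li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" href="/docs/features">Features</a><button aria-label="Toggle the collapsible sidebar category 'Features'" type="button" class="clean-btn menu__caret"></button></div></li>
<li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" href="/docs/usage">Usage</a><button aria-label="Toggle the collapsible sidebar category 'Usage'" type="button" class="clean-btn menu__caret"></button></div></li>
<li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" href="/docs/design">Design</a></li>
<li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/comparison">Comparison</a></li>
<li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" href="/docs/development">Development</a><button aria-label="Toggle the collapsible sidebar category 'Development'" type="button" class="clean-btn menu__caret"></button></div></li>
</ul></nav></div></aside>
<!-- Main content; the id is the target of the skip link at the top of the page. -->
<main id="main-content" class="docMainContainer_gTbr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="docItemContainer_Djhp"><article>
<nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs" itemscope="" itemtype="https://schema.org/BreadcrumbList"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_OVgt"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link" itemprop="name">Design</span><meta itemprop="position" content="1"></li></ul></nav>
<div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div>
<div class="theme-doc-markdown markdown"><h1>Design</h1>
<h2 class="anchor anchorWithStickyNavbar_LWe7" id="architecture">Architecture<a class="hash-link" href="#architecture" title="Direct link to heading"></a></h2>
<!-- The diagram is the only content of this section, so it needs a text alternative. -->
<p><img loading="lazy" src="/assets/images/architecture-698f935e44bbe4e44537cc165a669ff3.svg" alt="cunīcu architecture diagram" width="901" height="629" class="img_ev3q"></p>
<h2 class="anchor anchorWithStickyNavbar_LWe7" id="objectives">Objectives<a class="hash-link" href="#objectives" title="Direct link to heading"></a></h2>
<ul>
<li><p>Encrypt all signaling messages</p></li>
<li><p>Plug-able signaling backends:</p><ul><li>GRPC</li><li>Kubernetes API-server</li><li>WebSocket</li></ul></li>
<li><p>Support <a href="https://datatracker.ietf.org/doc/html/rfc8838" target="_blank" rel="noopener noreferrer">Trickle ICE</a></p></li>
<li><p>Support <a href="https://datatracker.ietf.org/doc/html/rfc8445#section-2.4" target="_blank" rel="noopener noreferrer">ICE restart</a></p></li>
<li><p>Support <a href="https://datatracker.ietf.org/doc/html/rfc6544" target="_blank" rel="noopener noreferrer">ICE-TCP</a></p></li>
<li><p>Encrypt exchanged ICE offers with WireGuard keys</p></li>
<li><p>Seamless switch between ICE candidates and relays</p></li>
<li><p>Zero configuration</p><ul><li>Alleviate users of exchanging endpoint IPs & ports</li></ul></li>
<li><p>Enables direct communication of WireGuard peers behind NAT / UDP-blocking firewalls</p></li>
<li><p>Single-binary, zero dependency installation</p><ul><li>Bundled ICE agent & <a href="https://git.zx2c4.com/wireguard-go" target="_blank" rel="noopener noreferrer">WireGuard user-space daemon</a></li><li>Portability</li></ul></li>
<li><p>Support for user and kernel-space WireGuard implementations</p></li>
<li><p>Zero performance impact</p><ul><li>Kernel-side filtering / redirection of WireGuard traffic</li><li>Fallback to user-space proxying only if no Kernel features are available </li></ul></li>
<li><p>Minimized attack surface</p><ul><li>Drop privileges after initial configuration</li></ul></li>
<li><p>Compatible with existing WireGuard configuration utilities like:</p><ul><li><a href="https://github.com/max-moser/network-manager-wireguard" target="_blank" rel="noopener noreferrer">NetworkManager</a></li><li><a href="https://www.freedesktop.org/software/systemd/man/systemd.netdev.html#%5BWireGuard%5D%20Section%20Options" target="_blank" rel="noopener noreferrer">systemd-networkd</a></li><li><a href="https://manpages.debian.org/unstable/wireguard-tools/wg-quick.8.en.html" target="_blank" rel="noopener noreferrer">wg-quick</a></li><li><a href="https://kilo.squat.ai" target="_blank" rel="noopener noreferrer">Kilo</a></li><li><a href="https://seashell.github.io/drago/" target="_blank" rel="noopener noreferrer">drago</a></li></ul></li>
<li><p>Monitoring for new WireGuard interfaces and peers</p><ul><li>Inotify for new UAPI sockets in /var/run/wireguard</li><li>Netlink subscription for link updates (patch is pending)</li></ul></li>
</ul>
<h2 class="anchor anchorWithStickyNavbar_LWe7" id="related-rfcs">Related RFCs<a class="hash-link" href="#related-rfcs" title="Direct link to heading"></a></h2>
<ul>
<li><a href="https://datatracker.ietf.org/doc/html/rfc6544" target="_blank" rel="noopener noreferrer">RFC6544</a> TCP Candidates with Interactive Connectivity Establishment (ICE)</li>
<li><a href="https://datatracker.ietf.org/doc/html/rfc8838" target="_blank" rel="noopener noreferrer">RFC8838</a> Trickle ICE: Incremental Provisioning of Candidates for the Interactive Connectivity Establishment (ICE) Protocol</li>
<li><a href="https://datatracker.ietf.org/doc/html/rfc8445" target="_blank" rel="noopener noreferrer">RFC8445</a> Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal</li>
<li><a href="https://datatracker.ietf.org/doc/html/rfc8863" target="_blank" rel="noopener noreferrer">RFC8863</a> Interactive Connectivity Establishment Patiently Awaiting Connectivity (ICE PAC)</li>
<li><a href="https://datatracker.ietf.org/doc/html/rfc8839" target="_blank" rel="noopener noreferrer">RFC8839</a> Session Description Protocol (SDP) Offer/Answer Procedures for Interactive Connectivity Establishment (ICE)</li>
<li><a href="https://datatracker.ietf.org/doc/html/rfc6062" target="_blank" rel="noopener noreferrer">RFC6062</a> Traversal Using Relays around NAT (TURN) Extensions for TCP Allocations</li>
<li><a href="https://datatracker.ietf.org/doc/html/rfc8656" target="_blank" rel="noopener noreferrer">RFC8656</a> Traversal Using Relays around NAT (TURN): Relay Extensions to Session Traversal Utilities for NAT (STUN)</li>
<li><a href="https://datatracker.ietf.org/doc/html/rfc8489" target="_blank" rel="noopener noreferrer">RFC8489</a> Session Traversal Utilities for NAT (STUN)</li>
<li><a href="https://datatracker.ietf.org/doc/html/rfc8866" target="_blank" rel="noopener noreferrer">RFC8866</a> SDP: Session Description Protocol</li>
<li><a href="https://datatracker.ietf.org/doc/html/rfc3264" target="_blank" rel="noopener noreferrer">RFC3264</a> An Offer/Answer Model with the Session Description Protocol (SDP)</li>
<li><a href="https://datatracker.ietf.org/doc/html/rfc7064" target="_blank" rel="noopener noreferrer">RFC7064</a> URI Scheme for the Session Traversal Utilities for NAT (STUN) Protocol</li>
<li><a href="https://datatracker.ietf.org/doc/html/rfc7065" target="_blank" rel="noopener noreferrer">RFC7065</a> Traversal Using Relays around NAT (TURN) Uniform Resource Identifiers</li>
</ul></div>
<footer class="theme-doc-footer docusaurus-mt-lg"><div class="theme-doc-footer-edit-meta-row row"><div class="col"><a href="https://github.com/stv0g/cunicu/edit/master/docs/design.md" target="_blank" rel="noreferrer noopener" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_vwxv"></div></div></footer>
</article>
<nav class="pagination-nav docusaurus-mt-lg" aria-label="Docs pages navigation"><a class="pagination-nav__link pagination-nav__link--prev" href="/docs/usage/usecases"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Use-cases</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/docs/comparison"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Comparison</div></a></nav>
</div></div>
<!-- In-page table of contents -->
<div class="col col--3"><div class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#architecture" class="table-of-contents__link toc-highlight">Architecture</a></li><li><a href="#objectives" class="table-of-contents__link toc-highlight">Objectives</a></li><li><a href="#related-rfcs" class="table-of-contents__link toc-highlight">Related RFCs</a></li></ul></div></div>
</div></div></main></div></div>
<!-- Site footer -->
<footer class="footer footer--dark"><div class="container container-fluid"><div class="row footer__links">
<div class="col footer__col"><div class="footer__title">Docs</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/docs">Tutorial</a></li></ul></div>
<div class="col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://gophers.slack.com/archives/C036CTEGJFN" target="_blank" rel="noopener noreferrer" class="footer__link-item">Slack<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://twitter.com/cunicuVPN" target="_blank" rel="noopener noreferrer" class="footer__link-item">Twitter<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div>
<div class="col footer__col"><div class="footer__title">More</div><ul class="footer__items clean-list"><li class="footer__item"><a class="footer__link-item" href="/blog">Blog</a></li><li class="footer__item"><a href="https://github.com/stv0g/cunicu" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div>
</div><div class="footer__bottom text--center"><div class="footer__copyright">Copyright © 2022 Institute for Automation of Complex Power Systems, RWTH Aachen University.</div></div></div></footer></div>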
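<!-- Application bundles, served from the site's own origin; both files are also listed as preloads in the head. -->
<script src="/assets/js/runtime~main.0d972120.js"></script>
<script src="/assets/js/main.d3aebcf9.js"></script>
</body>
</html>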