stuartl/absurd
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Initial check-in.

Browse Source
This commit is contained in:
Stuart Longland 2018-09-27 21:58:19 +10:00
commit ec85065603
Signed by: stuartl
GPG Key ID: 6AA32EFB18079BAA
2 changed files with 41 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
COPYING Normal file
View File

@ -0,0 +1,2 @@
GNU General Public License, version 2 or any later version.
See GPL-2 or GPL-3 for the full text of these licenses.

39
README.md Normal file
View File

@ -0,0 +1,39 @@
ABSURD: A bewilderingly silly userspace routing daemon
======================================================
ABSURD is a TCP/IP routing and firewalling tool for performing stateful
firewalling and routing of IP traffic according to configurable rules.
Right now, no code exists, but the idea is as follows:
- The daemon will consist of a core packet switch which listens on a `tun`
interface and exposes some virtual subnets to the host, whilst providing an
interface to those subnets via a Unix-domain socket.
- Plug-in applications then connect to the Unix-domain socket and can
"register" interest in receiving particular subsets of the traffic routed to
the virtual subnet. They can also bind to virtual addresses on those
subnets to be able to initiate communications.
Some possible applications:
- Stateful NAT64 (RFC-6146) and NAT46 (draft-liu-behave-nat46-02), including
cross-protocol port forwarding.
- DNS64 (RFC-6147)
- PCP (RFC-6887)
- SNI-based routing, so your TLS server's logs show an IPv6 address derived
from the address of the IPv4 client for auditing purposes, instead of the IP
address of your SNI proxy server.
- Application-level firewalling (e.g. let your Wordpress blog access Wordpress
for security updates without having to know every IP they host sites on),
- Deep-packet inspection.
This is obviously not a replacement for netfilter, pf or any other firewall
you care to name. It's a compliment to it. Passing packets in and out of
userspace has the distinct downside of performance penalties, thus for high
performance routing, any kernel solution is going to run rings around this.
That said, on small home/business networks, the Internet link is typically
100Mbps or less, and even a Raspberry Pi packs a decent amount of computing
oomph. Likely, we should be able to keep up with most small Internet
connections. The aim will be for something that can keep up with ADSLv2 and
similar grade links on modest hardware.