netwine
netwine is a standalone TCP proxy/bridging server that allows seamless connections from a JavaScript-enabled browser to an external server.
Traditionally, JavaScript networking works through a push/pull mechanism in which bidirectional TCP streams are unavailable. However, as various projects to date (such as XMPP and others) have shown, a bidirectional TCP connection can be simulated by using one dedicated socket for streaming to the client (combined with client-side socket polling) and one or more other sockets for sending to the server.
Jargon:
- Client - JavaScript browser client, generally
- Proxy/Proxy Server - netwine
- TCP Server - external server that Client wishes to connect to
                                +----------+
           /<------------       |          |
          /      in             |  Proxy   |
[ JavaScript Client ]           |          | <-------> [ TCP Server ]
          \      out            | Instance |
           \------------>       |          |
                                +----------+
The order of operations is simple:
- Client requests a connection
- Proxy attempts to connect to the TCP server and, if successful:
  - responds with "OK" + a one-time use key
  - keeps this establishing socket open as the client's input stream
  - sends any immediate data from the TCP server on to the client
- Client then includes the key in its outbound messages
- Messages are passed to the TCP server seamlessly
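The handshake above, modelled as an added example in C (netwine is written in C, but this is not netwine's own code). Sockets are replaced by in-memory byte buffers so the model runs offline; the function names (open_session, route_outbound, close_session) and the exact wire format "OK <key>\n" are assumptions for illustration. The point it shows is the security property the key carries: an outbound message only reaches the TCP server if it names a live key, and closing the session retires the key so it cannot be replayed.

```c
/* Added example (not netwine's code): an in-memory model of the netwine
 * connection handshake.  Sockets are replaced by byte buffers so it runs
 * offline; open_session/route_outbound/close_session are assumed names. */
#include <stdio.h>
#include <string.h>

#define MAX_SESSIONS 8
#define KEY_LEN 16
#define BUF_LEN 512

struct session {
    int in_use;
    char key[KEY_LEN + 1];    /* one-time key returned in the "OK" reply        */
    char to_server[BUF_LEN];  /* bytes the proxy would write to the TCP server   */
    char to_client[BUF_LEN];  /* the client's input stream (establishing socket) */
};

static struct session sessions[MAX_SESSIONS];
static unsigned long long key_counter;

/* Placeholder key derivation so the example is deterministic.  A real proxy
 * must draw the key from a CSPRNG (e.g. getrandom()): anyone who can guess a
 * key can inject bytes into another client's session. */
static void make_key(char out[KEY_LEN + 1])
{
    static const char alphabet[] = "abcdefghijklmnopqrstuvwxyz0123456789";
    unsigned long long v = ++key_counter * 2654435761ULL;
    for (int i = 0; i < KEY_LEN; i++) {
        out[i] = alphabet[v % 36];
        v = v * 6364136223846793005ULL + 1442695040888963407ULL;
    }
    out[KEY_LEN] = '\0';
}

/* Stand-in for connect(): this model treats port 0 as unreachable. */
static int connect_target(const char *host, int port)
{
    (void)host;
    return port > 0;
}

/* Steps 1-3: the client requests a connection; on success the proxy answers
 * "OK <key>\n" followed by any immediate data from the TCP server, all on the
 * socket that becomes the client's input stream.  Returns the session index
 * or -1, and always writes the reply the client would see. */
static int open_session(const char *host, int port, const char *greeting,
                        char *reply, size_t reply_len)
{
    if (!connect_target(host, port)) {
        snprintf(reply, reply_len, "ERR connect failed\n");
        return -1;
    }
    for (int i = 0; i < MAX_SESSIONS; i++) {
        struct session *s = &sessions[i];
        if (s->in_use) continue;
        memset(s, 0, sizeof *s);
        s->in_use = 1;
        make_key(s->key);
        snprintf(s->to_client, BUF_LEN, "OK %s\n%s", s->key, greeting ? greeting : "");
        snprintf(reply, reply_len, "%s", s->to_client);
        return i;
    }
    snprintf(reply, reply_len, "ERR no free sessions\n");
    return -1;
}

/* Map a key to its session; -1 if the key is unknown or already retired. */
static int find_session(const char *key)
{
    for (int i = 0; i < MAX_SESSIONS; i++)
        if (sessions[i].in_use && strcmp(sessions[i].key, key) == 0)
            return i;
    return -1;
}

/* Steps 4-5: an outbound message carries the key; only a valid key is
 * forwarded to the TCP server.  Returns 0 on success, -1 if rejected. */
static int route_outbound(const char *key, const char *msg)
{
    int i = find_session(key);
    if (i < 0) return -1;
    struct session *s = &sessions[i];
    size_t used = strlen(s->to_server);
    if (used + strlen(msg) >= BUF_LEN) return -1;   /* refuse rather than truncate */
    memcpy(s->to_server + used, msg, strlen(msg) + 1);
    return 0;
}

/* Closing the session retires the key so it cannot be replayed later. */
static int close_session(const char *key)
{
    int i = find_session(key);
    if (i < 0) return -1;
    memset(&sessions[i], 0, sizeof sessions[i]);
    return 0;
}

/* What the TCP server would have received for a session (for inspection). */
static const char *server_bytes(int idx) { return sessions[idx].to_server; }

int main(void)
{
    char reply[BUF_LEN];
    /* constructed sample: an IRC-style greeting from the target server */
    int idx = open_session("127.0.0.1", 6667, ":irc NOTICE * :hello\r\n", reply, sizeof reply);
    printf("reply to client:\n%s", reply);
    if (idx >= 0 && route_outbound(sessions[idx].key, "NICK guest\r\n") == 0)
        printf("forwarded to server: %s", server_bytes(idx));
    return 0;
}
```

Running it prints the "OK <key>" reply followed by the server greeting, then the client message as forwarded; a message sent with a wrong or retired key is dropped, which is what keeps one browser session from writing into another's TCP connection.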
The developer recommends hosting the proxy and the target server on the same machine or network where possible, since any proxy adds some network latency (note also that cross-domain policies are quite restrictive in the standard browser environment). Security is left to the network setup of the user (you); if using Apache, consider proxying through HTTPS.
This version of netwine implements only basic bi-directional TCP proxying. Future versions will likely implement WebSockets for greater efficiency and security, and may also provide a library so that netwine-like functionality can easily be added to any project. Finally, support for connecting to a UDP server is possible and may be added in a future version.
netwine is written in C.
Design Notes
Although not necessary, a twine server is capable of serving files as a limited HTTP server. Alternatively, the twine server can be proxied to from a more capable HTTP server such as Apache. Either approach is needed because of cross-domain restrictions.
Optionally, an allowed-hosts file can be used to restrict use to particular domain names or IPs, and perhaps ranges as well.
In the opposite direction, a target-hosts file can be used to restrict the hosts and ports that the proxy will connect to. If the server permits it, a client may freely connect to any server:port. Note that there are many potential security issues in granting the client such freedom in an unrestricted environment.
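A fail-closed target-hosts check, as an added example in C (not netwine's code; the page does not specify the file format). The format assumed here is one rule per line, "host:port" or "host:lo-hi", with "#" comments and blank lines ignored; the sample rules are constructed. The design choice worth noting is that the check denies by default: an empty or malformed rule never grants access, so a proxy whose restrictions file is missing or mistyped cannot be turned into an open relay to arbitrary internal hosts.

```c
/* Added example (not netwine's code): a default-deny target-hosts check.
 * Rule format "host:port" or "host:lo-hi", one per line, is an assumption. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample target-hosts file. */
static const char *sample_rules =
    "# constructed sample target-hosts file\n"
    "127.0.0.1:6667\n"
    "irc.example.net:6667-6669\n"
    "   \n"
    "mail.example.net:25\n";

/* Case-insensitive comparison of the rule host (a, length n) with the
 * requested host (b, NUL-terminated). */
static int host_equal(const char *a, const char *b, size_t n)
{
    if (strlen(b) != n) return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* Parse one rule into host slice and port range.  Returns 0 on a malformed
 * line (no colon, bad number, inverted range, trailing garbage), which the
 * caller treats as non-matching rather than as a wildcard. */
static int parse_rule(const char *line, size_t len, const char **host,
                      size_t *hostlen, int *lo, int *hi)
{
    const char *colon = NULL;
    for (size_t i = 0; i < len; i++)
        if (line[i] == ':') colon = line + i;          /* last ':' wins */
    if (!colon || colon == line) return 0;
    *host = line;
    *hostlen = (size_t)(colon - line);
    char *end;
    long a = strtol(colon + 1, &end, 10);
    if (end == colon + 1 || a < 1 || a > 65535) return 0;
    long b = a;
    if (*end == '-') {
        const char *p = end + 1;
        b = strtol(p, &end, 10);
        if (end == p || b < a || b > 65535) return 0;
    }
    if (end != line + len) return 0;
    *lo = (int)a;
    *hi = (int)b;
    return 1;
}

/* Returns 1 only if some well-formed rule covers host:port; 0 otherwise,
 * including for an empty rule set. */
int target_allowed(const char *rules, const char *host, int port)
{
    const char *p = rules;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        size_t start = 0, end = len;
        while (start < len && isspace((unsigned char)p[start])) start++;
        while (end > start && isspace((unsigned char)p[end - 1])) end--;
        if (end > start && p[start] != '#') {
            const char *h; size_t hl; int lo, hi;
            if (parse_rule(p + start, end - start, &h, &hl, &lo, &hi) &&
                host_equal(h, host, hl) && port >= lo && port <= hi)
                return 1;
        }
        if (!nl) break;
        p = nl + 1;
    }
    return 0;
}

int main(void)
{
    const char *checks[][2] = { {"127.0.0.1", "6667"}, {"irc.example.net", "6668"},
                                {"irc.example.net", "7000"}, {"10.0.0.5", "22"} };
    for (size_t i = 0; i < sizeof checks / sizeof checks[0]; i++)
        printf("%s:%s -> %s\n", checks[i][0], checks[i][1],
               target_allowed(sample_rules, checks[i][0], atoi(checks[i][1])) ? "allowed" : "denied");
    return 0;
}
```

The same parser could back the allowed-hosts file mentioned above by matching the client's address instead of the target, but the two lists should stay separate: one answers "who may use the proxy", the other "where the proxy may connect", and a client passing the first must still be held to the second.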
An obvious security implication is that this design masks the true client from the server, as is the case with proxies generally. This could be handled with a limited proxy<->server communication protocol, but such a mechanism should be left to the developer of the server. Some form of logging capability will likely be added to the proxy, so that the client's IP, target, time, etc., can be logged if enabled.