Overview
Preliminary redesign based on feedback regarding desire to use web proxies between subnets:
- Assume firewall type O only allows outbound TCP connections. That means we want to keep the connection open, probably with a heartbeat, from inside, and route fbp822 messages in both directions through it. This is not that different from the 4.2.0 design, except we'd probably use HTTP for the TCP protocol (but this would only work if we can count on keepalive).
- Assume firewall type P allows inbound connections via a web proxy, to selected hosts. That means we could do something like this, though it would actually be more complicated:
  - whohas: HTTP GET, or UDP broadcast
  - ihave: HTTP POST, or UDP broadcast
  - sendme: HTTP POST
  - push (for outbound via firewall): HTTP POST
  - pull: HTTP GET
- The easiest thing to do is to not use HTTP at all -- the 4.2.0 design just used a raw TCP socket, with either end initiating the connection. It kept it open and routed fbp822 messages through it.
- It might be even easier to just assume that some people will want type O, some type P, and there might be others -- I can see a type S (ssh) for instance. We'll likely need to make all these configuration-time pluggable modules.
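As an added illustration of the type O pattern (this is example code written for these notes, not code from the original page or the project): the inside host opens the single outbound connection, both ends route messages over it, and an empty frame serves as the heartbeat that lets either end notice a connection the firewall has silently dropped. The 4-byte length-prefixed framing, the message bodies and the idle timeout are assumptions; fbp822's real wire format is not shown on this page.

```python
import socket
import struct

# Assumed framing (not fbp822's real wire format): 4-byte big-endian length
# prefix followed by the message bytes. An empty payload is the heartbeat.
HEARTBEAT = b""

def send_frame(sock, payload: bytes) -> None:
    sock.sendall(struct.pack("!I", len(payload)) + payload)

def recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the tunnel")
        buf += chunk
    return buf

def recv_frame(sock, idle_timeout: float):
    """Return the next message, or None for a heartbeat. Raises TimeoutError
    when nothing (not even a heartbeat) arrives in time, which is how either
    side detects that the firewall dropped the idle connection."""
    sock.settimeout(idle_timeout)
    try:
        length = struct.unpack("!I", recv_exact(sock, 4))[0]
        payload = recv_exact(sock, length)
    except socket.timeout as exc:
        raise TimeoutError("no heartbeat within %.1fs" % idle_timeout) from exc
    return None if payload == HEARTBEAT else payload

def demo(idle_timeout: float = 0.5):
    # socketpair stands in for the one outbound TCP connection the inside
    # host opened through the type O firewall.
    inside, outside = socket.socketpair()
    # Outside pushes a message inward over the connection inside opened.
    send_frame(outside, b"push: job-42")
    # Inside answers with an ihave on the same connection, then heartbeats.
    send_frame(inside, b"ihave: job-42")
    send_frame(inside, HEARTBEAT)
    got_inside = recv_frame(inside, idle_timeout)
    got_outside = recv_frame(outside, idle_timeout)
    beat = recv_frame(outside, idle_timeout)
    # Now nothing is sent: outside must notice the silence.
    try:
        recv_frame(outside, idle_timeout)
        silent = False
    except TimeoutError:
        silent = True
    inside.close()
    outside.close()
    return got_inside, got_outside, beat, silent
```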
Open Issues
- How do we dynamically select between type O and P, if we support both modes?
- Is REST appropriate here? (Probably not, due to type O firewall.)
- Can we discard the type P case altogether and just assume all interhost TCP connections are via a type O firewall? (This was the 4.2.0 design, but we'll likely need the pluggable modules instead.)
- See AJAX (the XMLHttpRequest JavaScript class?) -- two HTTP connections: one persistent for outbound, and the client makes a second request for inbound data.
