forked from robur-coop/miragevpn
-
Notifications
You must be signed in to change notification settings - Fork 0
/
multi-stack-vs-single-stack.dot
81 lines (64 loc) · 3 KB
/
multi-stack-vs-single-stack.dot
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
#digraph G {
ranksep=0.1;
nodesep=0.25;
penwidth=1.5;
pencolor=grey;
fontsize=16;
layout="dot";
newrank=true;
node[style=filled];
subgraph cluster_cons {
label = "Consumer\ne.g. PongOS\nor mirage-firewall";
style=filled; pencolor=chartreuse4;penwidth=0.8;
color=chartreuse3;
node [color=chartreuse];
cons_firewall[shape=tab,label="Consumer IP stack"];
}
subgraph cluster_two {
label = "VPN unikernel\nTwo stacks variant";
labeljust="l"; style=rounded;bgcolor=lightgrey;
node [color=cornflowerblue];
uk_local[shape=tab,color=chartreuse,label="Internal user\n e.g. CalDAV client"];
uk_ip_down[label="Int. IP stack",peripheries=2];
uk_traceroute[shape=tab,color=coral3,label="External user\n e.g. Ping (no VPN)"];
uk_vpn[label="OpenVPN stack",peripheries=2];
uk_ip_up[label="Ext. IP stack",color=coral3,peripheries=2];
uk_traceroute -> uk_ip_up [taillabel="\nunikernel task\nno VPN",style=dashed,penwidth=1.5];
uk_vpn -> uk_ip_up [color=cornflowerblue,penwidth=2];
uk_ip_down -> uk_vpn [tailport="se"];
uk_local -> uk_vpn [taillabel="unikernel task\nusing VPN",tailport="sw"];
}
subgraph cluster_one {
label = "VPN unikernel\nOne stack variant";
labeljust="l"; style=rounded;bgcolor=lightgrey;
height=1;fixedsize=true;len=0.1;
node [color=cornflowerblue];
ouk_local[shape=tab,color=chartreuse,label="Internal user\ne.g. CalDAV client"];
ouk_traceroute[shape=tab,color=coral3,label="External user\ne.g. Ping (no VPN)"];
ouk_vpn[label="OpenVPN stack",peripheries=2];
ouk_ip[label="Shared IP stack",color=coral3,peripheries=2];
ouk_ip -> ouk_vpn [label="Hook in routing table",dir="both",penwidth=2,color=cornflowerblue];
ouk_local -> ouk_ip [taillabel="\nunikernel task\nusing VPN",tailport="se",headport="e"];
ouk_traceroute -> ouk_ip [taillabel="\nunikernel task\nno VPN",tailport="se",style=dashed,penwidth=1.5];
}
subgraph cluster_up {
label = "VPN provider";
labeljust="l"; style=rounded;bgcolor=lightgrey;
up_vpn[color=coral3,label="Upstream VPN",peripheries=2];
uk_ip_up -> up_vpn [color=cornflowerblue,penwidth=2,headport="w"];
}
subgraph cluster_inet {
label = "The internet"; labeljust="l";labelloc="b";
style=rounded; pencolor = lightgrey; style = dashed;
proxied_target[shape=tab,color=chartreuse,label="Host reached through proxy"];
unproxied_target[shape=tab,color=coral3,label="Host reached directly"];
proxied_target -> unproxied_target [style=invis];
}
cons_firewall -> ouk_ip [tailport="se"];
cons_firewall -> ouk_ip [style=invis,tailport="se"];
cons_firewall -> uk_ip_down [tailport="w"];
up_vpn -> proxied_target [color=red,style=dashed,penwidth=3];
ouk_ip -> up_vpn [color=cornflowerblue,penwidth=2,headport="ne",penwidth=2];
ouk_ip -> unproxied_target [headport="e",style=dashed,penwidth=1.5];
uk_ip_up -> unproxied_target [style=dashed,headport="w",tailport="sw",penwidth=1.5];
}