forked from robur-coop/miragevpn
-
Notifications
You must be signed in to change notification settings - Fork 0
/
multi-stack.dot
69 lines (55 loc) · 2.4 KB
/
multi-stack.dot
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
digraph G {
ranksep=0.2;
nodesep=0.6;
penwidth=1.5;
pencolor=grey;
layout="dot";
compound=true;
newrank=true;
node[style=filled];
subgraph cluster_cons {
label = "Consumer\ne.g. PongOS\nor mirage-firewall";
style=filled; pencolor=chartreuse4;penwidth=0.8;
color=chartreuse3;
node [color=chartreuse];
cons_firewall[shape=tab,label="Consumer IP stack\n10.38.2.2"];
}
subgraph cluster_two {
label = "VPN unikernel\nMulti-stack example";
labeljust="l"; style=rounded;bgcolor=lightgrey;
node [color=cornflowerblue];
int_user[label="Internal user\n e.g. CalDAV client\n10.38.2.80",shape=tab,color=chartreuse,];
int_stack[label="Int. IP stack\n+ OpenVPN\n10.38.2.1",peripheries=2];
ext_user[label="External user\n e.g. Ping (no VPN)\n192.168.1.5",shape=tab,color=coral3];
ext_stack[label="Ext. IP stack\n192.168.1.5",color=coral3,peripheries=2];
ext_user -> ext_stack [taillabel="\nunikernel task\nno VPN",style=dashed,penwidth=1.5];
int_stack -> ext_stack [color=cornflowerblue,penwidth=2];
int_user -> int_stack [taillabel="unikernel task\nusing VPN",tailport="se"];
padding [shape = point, style = invis,weight=1];
padding2 [shape = point, style = invis,weight=1];
{rank=same; ext_user, int_stack }
{rank=same; padding, ext_stack }
}
subgraph cluster_provider {
label = "VPN provider";
labeljust="l"; style=rounded;bgcolor=lightgrey;
provider_vpn[color=coral3,label="Upstream VPN\n1.2.3.4",peripheries=2];
}
subgraph cluster_inet {
label = "The internet"; labeljust="l";labelloc="b";
style=rounded; pencolor = lightgrey; style = dashed;
proxied_target[shape=tab,color=chartreuse,label="Host reached through proxy\n6.6.6.6"];
unproxied_target[shape=tab,color=coral3,label="Host reached directly\n192.168.1.1"];
}
{rank=same; provider_vpn, unproxied_target}
{rank=same; cons_firewall,int_stack }
#{rank=same; cons_firewall,int_user}
xxx[style=invis];
cons_firewall -> xxx[style=invis];
xxx -> int_stack[style=invis];
ext_stack -> provider_vpn [color=cornflowerblue,penwidth=2];
cons_firewall -> int_stack [tailport="e",headport="w"];
proxied_target -> unproxied_target [style=invis];
provider_vpn -> proxied_target [color=red,style=dashed,penwidth=3,headport="w"];
ext_stack -> unproxied_target [style=dashed,tailport="se",penwidth=1.5];
}