Incremental Deployment

erimatnor edited this page Mar 12, 2013 · 8 revisions

The Serval source code includes a translator that can translate AF_INET sockets to AF_SERVAL sockets (or vice versa). The translator uses the Linux splice functionality to move data between two types of sockets very efficiently, using in-kernel zero-copying. The translator supports the following scenarios:

AF_INET to AF_SERVAL

Client applications are unmodified and want to access, for instance, a Serval-based web service. A typical setup would look as follows (T for translator):

    AF_INET client/app ----> T(AF_INET-to-AF_SERVAL) ----> SR ---> web service

Here the translator listens on a specific port (e.g., Web, port 80) and connects to a corresponding serviceID, representing the Serval-based web service. The translator can run on the client or in the network. The client connects to IP_TRANSLATOR:80.

The translator machine must run the Serval kernel module, with a service table rule pointing to the web service's service router (SR) or directly to a webserver, e.g.:

    ./src/tools/serv service add 80 SR_IP

The translator can then be started as follows:

    ./src/translator/translator -p 80

AF_INET to AF_SERVAL to AF_INET

Client applications are unmodified and want to access any legacy Internet website, but also want to gain the mobility/migration benefits of Serval. In this case the translator should run on the client (the translator supports Linux and Android). The setup looks as follows:

    Client app (AF_INET) ---> T(AF_INET-to-AF_SERVAL on client) ---> T(AF_SERVAL-to-AF_INET) --> Internet service

The client-side translator should be started as follows (in this example listening on port 8080):

    ./src/translator/translator -x -p 8080

Then add the following NAT rules on the client to redirect traffic (in this case web traffic) to the translator listening on port 8080:

    iptables -t nat -A OUTPUT -p tcp --destination 0.0.0.0/0.0.0.0 --dport 80 -m tcp --syn -j REDIRECT --to-ports 8080
    iptables -t nat -A OUTPUT -p tcp --destination 0.0.0.0/0.0.0.0 --dport 443 -m tcp --syn -j REDIRECT --to-ports 8080

By default, the client-side translator connects to a serviceID starting with 0x00001f9. The original IP address and port of the destination are put at the end of the serviceID. The client should therefore also add a service table rule for the prefix 0x00001f9, pointing to a T(AF_SERVAL-to-AF_INET) translator in the network:

    ./src/tools/serv service add 0x00001f9:128 IP_NETWORK_TRANSLATOR

The in-network translator at IP_NETWORK_TRANSLATOR should be run as follows:

    ./src/translator/translator -x -s 0x00001f9:128

On Android, just run the Serval app and start the translator from there. It will automatically add the NAT rules for ports 80 and 443. You also need to add the service table rule using the app, pointing to the in-network AF_SERVAL-to-AF_INET translator.

AF_SERVAL to AF_INET

The last translation option is to allow Serval-running clients to access legacy websites via an AF_SERVAL-to-AF_INET translator. However, this requires the translator to maintain a mapping between serviceIDs and IP:port combinations, and a way for the client to specify which serviceID to access for a specific website. This is not yet implemented, although the translator technically supports the translation between AF_SERVAL and AF_INET sockets.
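
The splice-based data path mentioned at the top of this page, as an added example (not the Serval translator's own code): one relay step moves bytes from one socket to another through a pipe, without copying the payload into user space. AF_UNIX socket pairs stand in for the AF_INET and AF_SERVAL sockets so that it runs without the Serval kernel module; `relay_once` and `demo` are hypothetical names.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Relay up to `max` bytes from socket `from` to socket `to` through the
 * pipe `p`, keeping the payload in the kernel. Returns the number of bytes
 * relayed, 0 when `from` reports end of stream, or -1 on error. */
ssize_t relay_once(int from, int to, int p[2], size_t max)
{
    ssize_t in = splice(from, NULL, p[1], NULL, max, SPLICE_F_MOVE);
    if (in <= 0)
        return in;              /* 0 = peer closed, -1 = error */

    /* Drain the pipe fully: one splice may move fewer bytes than asked. */
    for (ssize_t left = in; left > 0; ) {
        ssize_t out = splice(p[0], NULL, to, NULL, (size_t)left, SPLICE_F_MOVE);
        if (out < 0 && errno == EINTR)
            continue;
        if (out <= 0)
            return -1;
        left -= out;
    }
    return in;
}

/* Constructed demo: socketpair `a` plays the client side, `b` the service
 * side. Returns 0 if the payload arrives intact, -1 otherwise. */
int demo(void)
{
    int a[2], b[2], p[2];
    const char msg[] = "GET / HTTP/1.0\r\n\r\n";  /* constructed sample payload */
    char buf[64] = {0};

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, a) ||
        socketpair(AF_UNIX, SOCK_STREAM, 0, b) || pipe(p))
        return -1;
    if (write(a[0], msg, sizeof msg - 1) != (ssize_t)(sizeof msg - 1))
        return -1;
    ssize_t n = relay_once(a[1], b[0], p, 4096);
    ssize_t r = n > 0 ? read(b[1], buf, sizeof buf - 1) : -1;
    for (int i = 0; i < 2; i++) { close(a[i]); close(b[i]); close(p[i]); }
    return (n == r && r == (ssize_t)(sizeof msg - 1) &&
            memcmp(buf, msg, sizeof msg - 1) == 0) ? 0 : -1;
}

int main(void) { return demo() == 0 ? 0 : 1; }
```

A full relay would call `relay_once` in both directions from a poll loop and close the opposite socket when it returns 0.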