TCP tunnelling allows clients to tunnel TCP traffic over a Nabto connection to the device. The TCP Tunnel module uses the Authorization API to determine if actions are allowed on a given connection. An Authorization Request listener must therefore be configured when using TCP tunnelling. It is recommended to use the Nabto IAM module to handle Authorization Requests.
A TCP tunnel client first makes a CoAP request:
GET /tcptunnels/connect/:serviceId - this will check that the given connection is authorized to create a connection to the specific TCP Service and return the StreamPort the client needs to use for that connection.
Later, when a TCP connection is made through the client, a new stream is created to the StreamPort obtained in the previous step. When this happens, the device makes another authorization request which again checks that the given connection is allowed to connect to the specific TCP Service.
The TCP tunnelling module has the following authorization actions:
| Action | Description |
| --- | --- |
| TcpTunnel:ListServices | CoAP request to list services |
| TcpTunnel:GetService | CoAP request to get information for a specific service |
| TcpTunnel:Connect | See note below |
Note on the TcpTunnel:Connect action: When used in CoAP context, it is used to test permissions for establishing a stream connection and to get information about the connection. When used in Streaming context, it is used to authorize an actual stream connection.
The TCP Tunnelling module has the following authorization attributes:
| Attribute | Description |
| --- | --- |
| TcpTunnel:ServiceId | The id of the service. |
| TcpTunnel:ServiceType | The type of the service. |
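The two-step check described above (CoAP request, then stream open) can be modelled as a default-deny decision over the actions and attributes listed. This is an added sketch, not Nabto SDK or Nabto IAM code: the types, function names, rule format and the "ssh"/"rtsp" service values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical types for this sketch; not the Nabto SDK's own. */
struct auth_request { const char *action, *service_id, *service_type; };
/* One allow rule; a NULL attribute matches any value. No match means deny. */
struct allow_rule   { const char *action, *service_id, *service_type; };

enum tunnel_result { TUNNEL_OK, DENIED_AT_COAP, DENIED_AT_STREAM };

static bool attr_ok(const char *want, const char *got) {
    return want == NULL || (got != NULL && strcmp(want, got) == 0);
}

/* Default-deny decision an Authorization Request listener could return. */
bool authorize(const struct allow_rule *rules, size_t n, const struct auth_request *req) {
    if (req == NULL || req->action == NULL) return false;
    for (size_t i = 0; i < n; i++)
        if (strcmp(rules[i].action, req->action) == 0 &&
            attr_ok(rules[i].service_id, req->service_id) &&
            attr_ok(rules[i].service_type, req->service_type))
            return true;
    return false;
}

/* Both phases ask for TcpTunnel:Connect: first the CoAP GET, then the stream
 * open. The rule set is passed per phase so a policy change in between shows. */
enum tunnel_result open_tunnel(const struct allow_rule *coap, size_t n_coap,
                               const struct allow_rule *stream, size_t n_stream,
                               const char *id, const char *type) {
    struct auth_request req = { "TcpTunnel:Connect", id, type };
    if (!authorize(coap, n_coap, &req)) return DENIED_AT_COAP;
    if (!authorize(stream, n_stream, &req)) return DENIED_AT_STREAM;
    return TUNNEL_OK;
}

/* Constructed policy: list/inspect any service, connect only to "ssh". */
static const struct allow_rule RULES[] = {
    { "TcpTunnel:ListServices", NULL, NULL },
    { "TcpTunnel:GetService",   NULL, NULL },
    { "TcpTunnel:Connect",      "ssh", "ssh" },
};

int main(void) {
    printf("ssh: %d\n", open_tunnel(RULES, 3, RULES, 3, "ssh", "ssh"));
    printf("rtsp: %d\n", open_tunnel(RULES, 3, RULES, 3, "rtsp", "rtsp"));
    printf("revoked: %d\n", open_tunnel(RULES, 3, RULES, 2, "ssh", "ssh"));
    return 0;
}
```

The third call passes only the first two rules for the stream phase, modelling a permission removed after the CoAP request: the StreamPort obtained earlier does not carry authorization with it.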