TCP tunnelling allows clients to tunnel TCP traffic over a Nabto connection to the device. The TCP Tunnel module uses the Authorization API to determine if actions are allowed on a given connection. An Authorization Request listener must therefore be configured when using TCP tunnelling. It is recomended to use the Nabto IAM module to handle Authorization Requests.
A TCP tunnel client first makes a CoAP request:
/tcptunnels/connect/:serviceId - this will check that the given
connection is authorized to create a connection to the specific TCP
Service and return the
StreamPort the client needs to use for
Later, when a TCP connection is made through the client, a new
stream is created to the
StreamPort obtained in the previous
step. When this happens, the device makes another authorization
request which again checks that the given connection is allowed to
connect to the specific TCP Service.
The TCP tunnelling module has the following authorization actions:
Actions: TcpTunnel:ListServices CoAP request to list services TcpTunnel:GetService CoAP request to get information for a specific service TcpTunnel:Connect See note below
Note on the
TcpTunnel:Connect action: When used in CoAP context,
it is used to test permissions for establishing a stream connection
and to get information about the connection. When used in Streaming
context, it is used to authorize an actual stream connection.
The TCP Tunnelling module has the following authorization attributes:
Attributes: TcpTunnel:ServiceId The id of the service. TcpTunnel:ServiceType The type of the service.