Package: external-protocol
Version: 20231119-r1
Depends: libc
Source: feeds/packages/net/external-protocol
SourceName: external-protocol
Section: net
SourceDateEpoch: 1744823070
Maintainer: Oskari Rauta <oskari.rauta@gmail.com>
Architecture: all
Installed-Size: 10240
Description:  external protocol is a general protocol for assisting
 setup of many virtual devices that lack proper
 protocol support in openwrt. Such as netavark, cni and
 netbird for example. External protocol is supposed
 to be managed with external software, not directly.
 
 external protocol works automaticly on the background
 and sets up netifd details when interface comes up or
 goes down. This allows one to easily add interface to
 a firewall zone.
 
 as a example use case, podman, with network where it's
 internal firewall and portmapper are disabled, control
 of firewalling, whether it was exposing ports or
 limiting/accepting access between networks, such as
 lan can be made through openwrt's own firewalling
 configuration if you used external protocol.
 
 podman example configuration could be as following:
 - lan network: 10.0.0.0/16 (255.255.0.0)
 - container network: 10.129.0.1/24 (255.255.255.0)
 
 Add a network configuration for your container network
 using external protocol. Then create firewall zone for it.
 
 You could create a new container/pod with static ip
 address 10.129.0.2 (as 10.129.0.1 as container network's
 gateway).
 
 Easily define permissions so that local networks can
 connect to container network, but not the other way around.
 Also you want to allow forwarding from/to wan.
 
 Now, as container cannot access local dns, make a rule for
 your firewall to accept connections from container network
 to port 53 (dns).
 
 Now all you have to do, is make redirects to your firewall
 and point them to 10.129.0.2 and connections from wan are
 redirectered to containers/pods.
 
 external protocol also works for other applications as
 well that are using veth/tun/etc devices and don't have
 a hand-tailored protocol available, such as vpn service
 netbird.
 
 Protocol has 3 settings: device, searchdomain and delay.
 Sometimes polling interfaces takes some time, and in
 that case you might want to add few seconds to delay.
 Otherwise, it can be excluded from configuration.
 Option for searchdomain is also completely optional.
 
 package was previously known as cni protocol but as
 it can be used on so many other things, naming became
 mis-leading and it was renamed to external protocol.
