TCP tunnelling allows clients to tunnel TCP traffic over a Nabto connection to the device.
A TCP tunnel client first makes a CoAP request:
GET /tcptunnels/connect/:serviceId - this will
check that the given connection is authorized to create a connection to the specific TCP Service
and return the
StreamPort the client needs to use for that connection.
Later, when a TCP connection is made through the client, a new stream is created to the
StreamPort obtained in the previous step. When this happens, the device makes another
authorization request which again checks that the given connection is allowed to connect to the
specific TCP Service.
The TCP tunnelling module has the following authorization actions:
Actions: TcpTunnel:ListServices CoAP request to list services TcpTunnel:GetService CoAP request to get information for a specific service TcpTunnel:Connect See note below
Note on the
TcpTunnel:Connect action: When used in CoAP context, it is used to test permissions
for establishing a stream connection and to get information about the connection. When used in
Streaming context, it is used to authorize an actual stream connection.
The TCP Tunnelling module has the following authorization attributes:
Attributes: TcpTunnel:ServiceId The id of the service. TcpTunnel:ServiceType The type of the service.