Open xkilian opened 5 years ago
UDP is a must I believe, otherwise right now carbon-relay-ng only covers a small subset of possible configurations where it could be useful
seems like the right place to implement this is in destination/destination.go
: allow a Destination
to use an udp output rather than a tcp connection
Have a configuration option to use UDP instead of TCP for carbon line protocol. Fire and forget strategy.
This will permit sending data streams from a high security environment to a low security environment without compromising the high security side. This can be done by sending the UDP stream via a datadiode or via a router with a deny all ACL on its outside interface. This enforces one way trafic in hardware or ACLs. This is different from sending a two-way TCP stream through a Firewall which leaves more possibility for abuse.