Knock, Knock: Unikernels Calling!
The lightweight and secure nature of unikernels makes customising network behaviour a prime use case. At the same time, the high-level languages that many of them are written in open up this sort of low-level coding to those who might not traditionally consider themselves "systems developers". MirageOS is a unikernel platform built in the OCaml functional programming language. Able to seamlessly target a range of environments, from a local (POSIX) development environment to Xen virtual machines running in the cloud, it is a prime example of the ways that unikernels open up low-level development. I will briefly introduce MirageOS before walking through an example: developing a simple network proxy with MirageOS and then running it on Xen. This proxy will implement a basic form of port-knocking, requiring a sequence of TCP connections (SYNs) to be made to the proxy to indicate a target, before permitting an outgoing connection to that target to be made. Thanks to Thomas Gazagnaire for the material used in the walkthrough!
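The knock-tracking logic described above can be sketched in plain OCaml as follows. This is an added example, not code from the talk or from MirageOS; the knock ports, target addresses, the 10-second window and all function names are assumptions, and timestamps are passed in by hand so the run is deterministic.

```ocaml
(* Knock tracker sketch. Ports, addresses and names are constructed. *)
type target = { host : string; port : int }
type state = { seen : int list; started : float }

(* Assumed policy: each ordered list of proxy ports selects one target. *)
let sequences = [
  [7001; 7002; 7003], { host = "10.0.0.10"; port = 22 };
  [7003; 7001; 7002], { host = "10.0.0.20"; port = 443 };
]
let window = 10.0 (* seconds from first knock to completion *)
let states : (string, state) Hashtbl.t = Hashtbl.create 16
let allowed : (string, target) Hashtbl.t = Hashtbl.create 16

let rec is_prefix p l =
  match p, l with
  | [], _ -> true
  | x :: xs, y :: ys -> x = y && is_prefix xs ys
  | _ :: _, [] -> false

(* Record a SYN from [src] to proxy port [dport] at time [now];
   return the target unlocked by this knock, if any. *)
let knock ~src ~dport ~now =
  let prev =
    match Hashtbl.find_opt states src with
    | Some s when now -. s.started <= window -> s
    | _ -> { seen = []; started = now } (* new or expired: start over *)
  in
  let seen = prev.seen @ [dport] in
  match List.assoc_opt seen sequences with
  | Some t ->
    Hashtbl.remove states src;
    Hashtbl.replace allowed src t;
    Some t
  | None ->
    if List.exists (fun (s, _) -> is_prefix seen s) sequences
    then Hashtbl.replace states src { prev with seen }
    else Hashtbl.remove states src; (* wrong knock: forget progress *)
    None

(* The proxy connects out only to the target this source unlocked. *)
let may_connect ~src t = Hashtbl.find_opt allowed src = Some t

let () =
  let src = "192.0.2.7" and ssh = { host = "10.0.0.10"; port = 22 } in
  assert (knock ~src ~dport:7001 ~now:0.0 = None);
  assert (knock ~src ~dport:7003 ~now:1.0 = None); (* wrong order resets *)
  assert (not (may_connect ~src ssh));
  List.iteri (fun i p -> ignore (knock ~src ~dport:p ~now:(2.0 +. float_of_int i)))
    [7001; 7002; 7003];
  assert (may_connect ~src ssh)
```

In a real proxy the `src` key would come from the SYN's source address, and an entry in `allowed` would need its own expiry so that a completed knock does not grant access indefinitely.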