Network Manifesto #

In the Manifesto, which specifies resources necessary for the application, the "networks" field defines the connection destination used for communication. In particular, this specification is called the network manifesto.

How to specify connection destinations #

There are three ways of specifying connection destinations in the network manifesto; either by specifying a domain, the entire local network, or a multicast address. The first two methods serve a SOCKS proxy that allows connections to the specified addresses, and all communications happen through it. In the case of specifying the multicast address, regular communication is possible without an extra procedure.

How to specify domains #

A combination of domain, port and protocol can be specified.

key	description
`domain`	The Internet hostname of the destination
`port`	The port number to connect to
`protocol`	Protocol on connection (`"tcp"` or `"udp"`)

Wildcard in the `domain` #

The domain you connect to can be partially matched by using wildcards(*).

Wildcards can be used in subdomain positions and will match any sequence of alphanumeric characters or hyphens.

Example: Amazon API Gateway

Using the following Amazon API Gateway REST API URL, if you want to match any restapi_id and region, specify it as *.execute-api.*.amazonaws.com.

https://{restapi_id}.execute-api.{region}.amazonaws.com

Wildcards must be specified in each label.

Example: The case of connecting {foo}.example.com and {bar}.{foo}.example.com

*.example.com and *.*.example.com should be specified.

Example: The case of connecting {foo}.example.com and example.com

*.example.com and example.com should be specified.

How to specify the entire local network #

A combination of local_addr, port, and protocol should be specified. This allows the Act to connect to the ranges of IPv4 private addresses (10/8, 172.16/12, 192.168/16) and IPv6 unique local addresses (FD00::/8).

key	description
`local_addr`	Allow local addresses (only `true` can be specified)
`port`	The port number to connect to
`protocol`	Protocol on connection (`"tcp"` or `"udp"`)

For a detailed definition of the schema, see https://actcast.io/schema/v6/manifesto_schema.json.

Example: In the case of connecting to an HTTP server on the local network

If you want to access port 80 of a server located on the same local network as the device, set it as follows.

"networks": [
    { "local_addr": true, "port": 80, "protocol": "tcp" }
]

How to specify a multicast address #

Specify the multicast_addr, port, protocol, and direction. IP multicast communication is a one-way communication protocol with one-to-many communication. Therefore, direction specifies the direction of transmission and reception.

key	description
`multicast_addr`	IP multicast address of the destination (`224.0.0.0/4`)
`port`	The port number to connect to
`protocol`	Protocol on the connection (only `"udp"` can be specified)
`direction`	Type of sending or receiving (`"send"` or `"recv"`)

For a detailed definition of the schema, see https://actcast.io/schema/v6/manifesto_schema.json.

Example: In the case of receiving multimedia data from an RTP server

If you want to receive multicast data from an RTP server of 224.0.0.120, set it as follows.

"networks": [
    { "multicast_addr": "224.0.0.120", "port": 5001, "protocol": "udp", "direction": "recv" }
]

Connecting to the proxy #

ACTCAST_SOCKS_SERVER

The ACTCAST_SOCKS_SERVER is an environment variable that is set on starting the Actcast application container. This environment variable is set to the address and port number of the SOCKS proxy in the form <IP address>:<port number>.

Use the address contained in this environment variable to connect to the specified hosts when using either Specify domain name or Specify local network in the network manifesto.

Examples #

Here is an example of how to use the network manifesto.

Making an HTTP request to https://actcast.io in a Python app #

If you want to use the SOCKS proxy in your Python app, you can use the Requests and PySocks packages, for example.
To use them, add requests and pysocks to the pip list of the .actdk/dependencies.json, as follows:

{
  ...
  "pip": [
    ...
    "requests",
    "pysocks"
  ]
}

Then, specify the connections inside manifesto/*.json. This time, we want to access https://actcast.io, so we specify the following

{
  ...
  "networks": [
    {
      "domain": "actcast.io",
      "port": 443,
      "protocol": "tcp"
    }
  ]
}

Finally, call requests.get() with proxies. you need to specify socks5h as a URI Scheme and let the SOCKS proxy resolve the names.

import os
import requests

requests.get(
    'https://actcast.io',
    proxies={
        'https': f'socks5h://{os.environ["ACTCAST_SOCKS_SERVER"]}'
    }
)  # => <Response [200]>

Access another server on the local network with a Python app #

As in the Making an HTTP request to https://actcast.io in a Python app example, add requests and pysocks to the pip of the .actdk/dependencies.json

Then, on another machine on your local network, run $ python3 -m http.server 80 to start the server.

Next, specify "local_addr": true in the manifesto/*.json.

{
  ...
  "networks": [
    {
      "local_addr": true,
      "port": 80,
      "protocol": "tcp"
    }
  ]
}

Finally, call requests.get() with proxies. Unlike the Making an HTTP request to https://actcast.io in a Python app example, we don’t need to resolve the name, so we specify socks5 instead of socks5h.

import os
import requests
requests.get(
    'http://192.168.1.100',
    proxies={
        'http': f'socks5://{os.environ["ACTCAST_SOCKS_SERVER"]}'
    }
)  # => <Response [200]>