summaryrefslogtreecommitdiffhomepage
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/architecture.md47
-rw-r--r--docs/security.md30
2 files changed, 77 insertions, 0 deletions
diff --git a/docs/architecture.md b/docs/architecture.md
new file mode 100644
index 0000000000..f87c18fb33
--- /dev/null
+++ b/docs/architecture.md
@@ -0,0 +1,47 @@
+# Mullvad VPN app architecture
+
+This document describes the code architecture and how everything fits together.
+
+For security and anonymity properties, please see [security](security.md).
+
+## Mullvad vs talpid
+
+Explain the differences between these layers and why the distinction exists.
+My thought was that after this section every aspect of the app is explained
+under either the Mullvad or the Talpid header. So it's clear which part they
+belong to. I yet don't know if this makes sense though.
+
+
+## Mullvad part of daemon
+
+### Frontend <-> system service communication
+
+### Talking to api.mullvad.net
+
+### Selecting relay and bridge servers
+
+### Problem reports
+
+
+## Talpid part of daemon
+
+### Tunnel state machine
+
+### System DNS management
+
+### Firewall integration
+
+### Detecting device offline
+
+### OpenVPN plugin and communication back to system service
+
+
+## Frontends
+
+### Desktop Electron app
+
+### Android
+
+### iOS
+
+### CLI
diff --git a/docs/security.md b/docs/security.md
new file mode 100644
index 0000000000..af2d8f5f3d
--- /dev/null
+++ b/docs/security.md
@@ -0,0 +1,30 @@
+# Mullvad VPN app security
+
+This document describes the security properties of the Mullvad VPN app. It describes it for all
+platforms and their differences.
+
+This document does not describe *how* we reach and uphold these properties, just what they are.
+See the [architecture](architecture.md) document for details on how this security is implemented.
+
+
+## App states
+
+### Disconnected
+
+### Connecting
+
+### Connected
+
+### Disconnecting
+
+### Blocked
+
+
+## Firewall
+
+The states above should probably explain what can and can't be reached in the different states.
+But we might need/want this section in case there is something that does not fit above.
+
+## DNS
+
+Where are DNS requests sent?
Copyright © 2025 - 2026 Wayne Cole. WTFPL. Attribution appreciated. No warranty. Not liable for bodily damages.