path: root/src/router/device.rs
authorMathias Hall-Andersen <mathias@hall-andersen.dk>2019-08-12 21:04:19 +0200
committerMathias Hall-Andersen <mathias@hall-andersen.dk>2019-08-12 21:04:19 +0200
commit723a1b8e858346ef98559788540915bc0cc93eb0 (patch)
tree81d9ef0a0dd9042b23a21475845689bafb1d822d /src/router/device.rs
parentWork on sketching router interface (diff)
Port replay filter and sketch router state
Diffstat (limited to 'src/router/device.rs')
-rw-r--r--src/router/device.rs79
1 files changed, 54 insertions, 25 deletions
diff --git a/src/router/device.rs b/src/router/device.rs
index 67702cd..1296be6 100644
--- a/src/router/device.rs
+++ b/src/router/device.rs
@@ -1,39 +1,69 @@
-use std::net::SocketAddr;
+use arraydeque::{ArrayDeque, Wrapping};
+use treebitmap::IpLookupTable;
+
+use std::net::{Ipv4Addr, Ipv6Addr, SocketAddr};
+use std::sync::atomic::{AtomicPtr, AtomicU64};
+use std::sync::{Arc, Mutex};
+use std::time::Instant;
+
use super::super::types::KeyPair;
+use super::anti_replay::AntiReplay;
+
+const MAX_STAGED_PACKETS: usize = 128;
pub struct Device {
+ ipv4: IpLookupTable<Ipv4Addr, Arc<Peer>>,
+ ipv6: IpLookupTable<Ipv6Addr, Arc<Peer>>,
+}
+
+struct KeyState(KeyPair, AntiReplay);
+struct EncryptState {
+ key: [u8; 32], // encryption key
+ id: u64, // sender id
+ nonce: AtomicU64, // next available nonce
+ death: Instant, // can must the key no longer be used:
+ // (birth + reject-after-time - keepalive-timeout - rekey-timeout)
}
-pub struct Peer {
+struct KeyWheel {
+ next: AtomicPtr<Arc<Option<KeyState>>>, // next key state (unconfirmed)
+ current: AtomicPtr<Arc<Option<KeyState>>>, // current key state (used for encryption)
+ previous: AtomicPtr<Arc<Option<KeyState>>>, // old key state (used for decryption)
+}
+pub struct Peer {
+ staged_packets: Mutex<ArrayDeque<[Vec<u8>; MAX_STAGED_PACKETS], Wrapping>>, // packets awaiting handshake
+ rx_bytes: AtomicU64, // received bytes
+ tx_bytes: AtomicU64, // transmitted bytes
+ keys: KeyWheel, // key-wheel
+ encryption: AtomicPtr<Arc<EncryptState>>, // current encryption key (starts expired)
}
-pub struct PeerRef {}
+pub struct PeerRef();
impl Device {
-
pub fn new() -> Device {
unimplemented!();
}
/// Adds a new peer to the device
- ///
+ ///
/// # Returns
- ///
+ ///
/// An opaque value representing the peer.
pub fn add(&self) -> PeerRef {
unimplemented!();
}
/// Cryptkey routes and sends a plaintext message (IP packet)
- ///
+ ///
/// # Arguments
- ///
+ ///
/// - pt_msg: IP packet to cryptkey route
- ///
+ ///
/// # Returns
- ///
+ ///
/// A peer reference for the peer if no key-pair is currently valid for the destination.
/// This indicates that a handshake should be initated (see the handshake module).
/// If this occurs the packet is copied to an internal buffer
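Review bot: The field comment on `death: Instant` in `EncryptState` is garbled ("can must the key no longer be used:") and, since this is the only place the expiry rule is written down, it should read something like `death: Instant, // instant after which the key must no longer be used for encryption: birth + reject-after-time - keepalive-timeout - rekey-timeout`. The `nonce: AtomicU64` comment says only "next available nonce"; because a repeated nonce under the same key breaks the AEAD, it is worth stating the invariant at the field, e.g. `// next nonce to use; each value is used at most once per key, and the key is retired before the counter can wrap`, with the concrete upper bound left to the sender path. The three `AtomicPtr<Arc<Option<KeyState>>>` fields of `KeyWheel` imply a hand-written ownership/reclamation scheme (presumably swapped under some lock or via unsafe), and the struct should carry a comment naming who is allowed to swap them and when the pointed-to `Arc` is freed, so later readers do not assume the pointers are owning. Minor style: `pub struct PeerRef();` is an empty tuple struct where `pub struct PeerRef;` is the idiom, and the tuple struct `KeyState(KeyPair, AntiReplay)` would read better with named fields. The doc comment at the end of this hunk belongs to a function whose signature lies outside the hunk.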
@@ -45,31 +75,30 @@ impl Device {
/// Sends a message directly to the peer.
/// The router device takes care of discovering/managing the endpoint.
/// This is used for handshake initiation/response messages
- ///
+ ///
/// # Arguments
- ///
+ ///
/// - peer: Reference to the destination peer
/// - msg: Message to transmit
pub fn send_raw(&self, peer: PeerRef, msg: &mut [u8]) {
unimplemented!();
}
-
/// Flush the queue of buffered messages awaiting transmission
- ///
+ ///
/// # Arguments
- ///
+ ///
/// - peer: Reference for the peer to flush
pub fn flush_queue(&self, peer: PeerRef) {
unimplemented!();
}
-
+
/// Attempt to route, encrypt and send all elements buffered in the queue
- ///
+ ///
/// # Arguments
- ///
+ ///
/// # Returns
- ///
+ ///
/// A boolean indicating whether packages where sent.
/// Note: This is used for implicit confirmation of handshakes.
pub fn send_run_queue(&self, peer: PeerRef) -> bool {
@@ -77,22 +106,22 @@ impl Device {
}
/// Receive an encrypted transport message
- ///
+ ///
/// # Arguments
- ///
+ ///
/// - ct_msg: Encrypted transport message
pub fn recv(&self, ct_msg: &mut [u8]) {
unimplemented!();
}
/// Returns the current endpoint known for the peer
- ///
+ ///
/// # Arguments
- ///
+ ///
/// - peer: The peer to retrieve the endpoint for
pub fn get_endpoint(&self, peer: PeerRef) -> SocketAddr {
unimplemented!();
- }
+ }
pub fn set_endpoint(&self, peer: PeerRef, endpoint: SocketAddr) {
unimplemented!();
@@ -101,4 +130,4 @@ impl Device {
pub fn new_keypair(&self, peer: PeerRef, keypair: KeyPair) {
unimplemented!();
}
-} \ No newline at end of file
+}