author | Mathias Hall-Andersen <mathias@hall-andersen.dk> | 2019-08-12 21:04:19 +0200 |
---|---|---|
committer | Mathias Hall-Andersen <mathias@hall-andersen.dk> | 2019-08-12 21:04:19 +0200 |
commit | 723a1b8e858346ef98559788540915bc0cc93eb0 (patch) | |
tree | 81d9ef0a0dd9042b23a21475845689bafb1d822d /src/router/device.rs | |
parent | Work on sketching router interface (diff) | |
download | wireguard-rs-723a1b8e858346ef98559788540915bc0cc93eb0.tar.xz wireguard-rs-723a1b8e858346ef98559788540915bc0cc93eb0.zip |
Port replay filter and sketch router state
Diffstat (limited to 'src/router/device.rs')
-rw-r--r-- | src/router/device.rs | 79 |
1 files changed, 54 insertions, 25 deletions
diff --git a/src/router/device.rs b/src/router/device.rs
index 67702cd..1296be6 100644
--- a/src/router/device.rs
+++ b/src/router/device.rs
@@ -1,39 +1,69 @@
-use std::net::SocketAddr;
+use arraydeque::{ArrayDeque, Wrapping};
+use treebitmap::IpLookupTable;
+
+use std::net::{Ipv4Addr, Ipv6Addr, SocketAddr};
+use std::sync::atomic::{AtomicPtr, AtomicU64};
+use std::sync::{Arc, Mutex};
+use std::time::Instant;
+
 use super::super::types::KeyPair;
+use super::anti_replay::AntiReplay;
+
+const MAX_STAGED_PACKETS: usize = 128;
 pub struct Device {
+ ipv4: IpLookupTable<Ipv4Addr, Arc<Peer>>,
+ ipv6: IpLookupTable<Ipv6Addr, Arc<Peer>>,
+}
+
+struct KeyState(KeyPair, AntiReplay);
+struct EncryptState {
+ key: [u8; 32], // encryption key
+ id: u64, // sender id
+ nonce: AtomicU64, // next available nonce
+ death: Instant, // can must the key no longer be used:
+ // (birth + reject-after-time - keepalive-timeout - rekey-timeout)
 }
-pub struct Peer {
+struct KeyWheel {
+ next: AtomicPtr<Arc<Option<KeyState>>>, // next key state (unconfirmed)
+ current: AtomicPtr<Arc<Option<KeyState>>>, // current key state (used for encryption)
+ previous: AtomicPtr<Arc<Option<KeyState>>>, // old key state (used for decryption)
+}
+pub struct Peer {
+ staged_packets: Mutex<ArrayDeque<[Vec<u8>; MAX_STAGED_PACKETS], Wrapping>>, // packets awaiting handshake
+ rx_bytes: AtomicU64, // received bytes
+ tx_bytes: AtomicU64, // transmitted bytes
+ keys: KeyWheel, // key-wheel
+ encryption: AtomicPtr<Arc<EncryptState>>, // current encryption key (starts expired)
 }
-pub struct PeerRef {}
+pub struct PeerRef();
 impl Device {
-
 pub fn new() -> Device {
 unimplemented!();
 }
 /// Adds a new peer to the device
- ///
+ ///
 /// # Returns
- ///
+ ///
 /// An opaque value representing the peer.
 pub fn add(&self) -> PeerRef {
 unimplemented!();
 }
 /// Cryptkey routes and sends a plaintext message (IP packet)
- ///
+ ///
 /// # Arguments
- ///
+ ///
 /// - pt_msg: IP packet to cryptkey route
- ///
+ ///
 /// # Returns
- ///
+ ///
 /// A peer reference for the peer if no key-pair is currently valid for the destination.
/// This indicates that a handshake should be initated (see the handshake module). /// If this occurs the packet is copied to an internal buffer @@ -45,31 +75,30 @@ impl Device { /// Sends a message directly to the peer. /// The router device takes care of discovering/managing the endpoint. /// This is used for handshake initiation/response messages - /// + /// /// # Arguments - /// + /// /// - peer: Reference to the destination peer /// - msg: Message to transmit pub fn send_raw(&self, peer: PeerRef, msg: &mut [u8]) { unimplemented!(); } - /// Flush the queue of buffered messages awaiting transmission - /// + /// /// # Arguments - /// + /// /// - peer: Reference for the peer to flush pub fn flush_queue(&self, peer: PeerRef) { unimplemented!(); } - + /// Attempt to route, encrypt and send all elements buffered in the queue - /// + /// /// # Arguments - /// + /// /// # Returns - /// + /// /// A boolean indicating whether packages where sent. /// Note: This is used for implicit confirmation of handshakes. pub fn send_run_queue(&self, peer: PeerRef) -> bool { @@ -77,22 +106,22 @@ impl Device { } /// Receive an encrypted transport message - /// + /// /// # Arguments - /// + /// /// - ct_msg: Encrypted transport message pub fn recv(&self, ct_msg: &mut [u8]) { unimplemented!(); } /// Returns the current endpoint known for the peer - /// + /// /// # Arguments - /// + /// /// - peer: The peer to retrieve the endpoint for pub fn get_endpoint(&self, peer: PeerRef) -> SocketAddr { unimplemented!(); - } + } pub fn set_endpoint(&self, peer: PeerRef, endpoint: SocketAddr) { unimplemented!(); @@ -101,4 +130,4 @@ impl Device { pub fn new_keypair(&self, peer: PeerRef, keypair: KeyPair) { unimplemented!(); } -}
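Review bot: `nonce: AtomicU64` in the new `EncryptState` documents only "next available nonce" and says nothing about its upper bound; an atomic `fetch_add` on it wraps silently, so whoever consumes the field (outside this hunk) must refuse to send once the counter reaches the protocol's reject-after-messages limit, otherwise a nonce can be reused under the same key. I would state that invariant on the field, e.g. `nonce: AtomicU64, // next available nonce; sending must stop at the reject-after-messages limit (never wrap)`, and repair the garbled comment on the following field to `death: Instant, // instant after which the key must no longer be used:`. The three `AtomicPtr<Arc<Option<KeyState>>>` slots in `KeyWheel` (and `encryption` in `Peer`) would also benefit from a comment naming who owns the pointee and how the old `Arc` is reclaimed after a swap, since the type itself gives no protection against a load racing a swap-and-drop; that is presumably resolved in code not in this hunk. The enclosing `impl Device` continues past the end of the hunk.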
\ No newline at end of file +} |