NatTraversalConfig

ant_quic::nat_traversal_api

Struct NatTraversalConfig 

Source 
pub struct NatTraversalConfig {
    pub known_peers: Vec<SocketAddr>,
    pub max_candidates: usize,
    pub coordination_timeout: Duration,
    pub enable_symmetric_nat: bool,
    pub enable_relay_fallback: bool,
    pub relay_nodes: Vec<SocketAddr>,
    pub max_concurrent_attempts: usize,
    pub bind_addr: Option<SocketAddr>,
    pub prefer_rfc_nat_traversal: bool,
    pub pqc: Option<PqcConfig>,
    pub timeouts: TimeoutConfig,
    pub identity_key: Option<(MlDsaPublicKey, MlDsaSecretKey)>,
}
Expand description

Configuration for NAT traversal behavior

This configuration controls various aspects of NAT traversal including security, performance, and reliability settings. Recent improvements in version 0.6.1 include enhanced security through protocol obfuscation and robust error handling.

§Pure P2P Design (v0.13.0+)

All nodes are now symmetric - they can both connect and accept connections. The role field is deprecated and ignored. Every node automatically:

  • Accepts incoming connections
  • Initiates outgoing connections
  • Coordinates NAT traversal for connected peers
  • Discovers its external address from any connected peer

§Security Features (Added in v0.6.1)

  • Protocol Obfuscation: Random port binding prevents fingerprinting attacks
  • Robust Error Handling: Panic-free operation with graceful error recovery
  • Input Validation: Enhanced validation of configuration parameters

§Example

use ant_quic::nat_traversal_api::NatTraversalConfig;
use std::time::Duration;
use std::net::SocketAddr;

// Recommended secure configuration
let config = NatTraversalConfig {
    known_peers: vec!["127.0.0.1:9000".parse::<SocketAddr>().unwrap()],
    max_candidates: 10,
    coordination_timeout: Duration::from_secs(10),
    enable_symmetric_nat: true,
    enable_relay_fallback: false,
    max_concurrent_attempts: 5,
    bind_addr: None, // Auto-select for security
    prefer_rfc_nat_traversal: true,
    timeouts: Default::default(),
    ..Default::default()
};

Fields§

§known_peers: Vec<SocketAddr>

Known peer addresses for initial discovery These peers are used to discover external addresses and coordinate NAT traversal. In v0.13.0+ all nodes are symmetric - any connected peer can help with discovery.

§max_candidates: usize

Maximum number of address candidates to maintain

§coordination_timeout: Duration

Timeout for coordination rounds

§enable_symmetric_nat: bool

Enable symmetric NAT prediction algorithms

§enable_relay_fallback: bool

Enable automatic relay fallback

§relay_nodes: Vec<SocketAddr>

Known relay nodes for MASQUE CONNECT-UDP Bind fallback When direct NAT traversal fails, connections can be relayed through these nodes

§max_concurrent_attempts: usize

Maximum concurrent NAT traversal attempts

§bind_addr: Option<SocketAddr>

Bind address for the endpoint

  • Some(addr): Bind to the specified address
  • None: Auto-select random port for enhanced security (recommended)

When None, the system uses an internal method to automatically select a random available port, providing protocol obfuscation and improved security through port randomization.

§Security Benefits of None (Auto-Select)

  • Protocol Obfuscation: Makes endpoint detection harder for attackers
  • Port Randomization: Each instance gets a different port
  • Fingerprinting Resistance: Reduces predictable network patterns

§Added in Version 0.6.1

Enhanced security through automatic random port selection

§prefer_rfc_nat_traversal: bool

Prefer RFC-compliant NAT traversal frame format When true, will send RFC-compliant frames if the peer supports it

§pqc: Option<PqcConfig>

Post-Quantum Cryptography configuration

§timeouts: TimeoutConfig

Timeout configuration for NAT traversal operations

§identity_key: Option<(MlDsaPublicKey, MlDsaSecretKey)>

Identity keypair for TLS authentication (ML-DSA-65)

v0.2: Pure PQC - Uses ML-DSA-65 for all authentication. v0.13.0+: This keypair is used for RFC 7250 Raw Public Key TLS authentication. If provided, peers will derive the same PeerId from this key via TLS handshake. If None, a random keypair is generated (not recommended for production as it won’t match the application-layer PeerId).

Trait Implementations§

Source§

impl Clone for NatTraversalConfig

Source§

fn clone(&self) -> NatTraversalConfig

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for NatTraversalConfig

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for NatTraversalConfig

Source§

fn default() -> Self

Returns the “default value” for a type. Read more
Source§

impl<'de> Deserialize<'de> for NatTraversalConfig

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Serialize for NatTraversalConfig

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,