Skip to main content

SessionManager

aivpn_server::session

Struct SessionManager 

Source 
pub struct SessionManager { /* private fields */ }
Expand description

Session Manager with O(1) tag lookup

Implementations§

Source§

impl SessionManager

Source

pub fn new( server_keys: KeyPair, signing_key: SigningKey, default_mask: MaskProfile, ) -> Self

Source

pub fn with_timeouts( server_keys: KeyPair, signing_key: SigningKey, default_mask: MaskProfile, session_timeout_secs: Option<u64>, idle_timeout_secs: Option<u64>, ) -> Self

Source

pub fn create_session( &self, client_addr: SocketAddr, eph_pub: [u8; 32], preshared_key: Option<[u8; 32]>, static_vpn_ip: Option<Ipv4Addr>, ) -> Result<Arc<Mutex<Session>>>

Create new session from initial packet. NOTE: Does NOT remove old sessions for the same client IP. The caller must call cleanup_old_sessions_for_ip() after validating that the new session is legitimate (tag matches).

Source

pub fn cleanup_old_sessions_for_ip( &self, ip: &IpAddr, keep_session_id: &[u8; 16], ) -> Vec<[u8; 16]>

Remove all sessions for a given IP except the specified one. Called after a new handshake is validated to clean up stale sessions. Returns list of removed session IDs (for stopping recordings).

Source

pub fn cleanup_old_sessions_for_vpn_ip( &self, vpn_ip: &Ipv4Addr, keep_session_id: &[u8; 16], ) -> Vec<[u8; 16]>

Remove old sessions for the same VPN IP (same client) except the specified one. Unlike cleanup_old_sessions_for_ip, this does NOT affect sessions belonging to other clients behind the same NAT. Returns list of removed session IDs (for stopping recordings).

Source

pub fn rollback_failed_session(&self, session_id: &[u8; 16])

Rollback a session that was created but failed tag validation. Restores vpn_ip_map to the old session that still owns that IP.

Source

pub fn has_recent_ratcheted_session_on_other_endpoint( &self, client_addr: &SocketAddr, max_age: Duration, ) -> bool

Return true when the same public IP already has a fresh ratcheted session on a different socket endpoint. This helps ignore stale duplicate-port probes instead of spawning a new handshake loop.

Source

pub fn get_session_by_tag(&self, tag: &[u8; 8]) -> Option<Arc<Mutex<Session>>>

Get session by tag (O(1) lookup)

Source

pub fn refresh_and_find_by_tag( &self, tag: &[u8; 8], ) -> Option<(Arc<Mutex<Session>>, u64, bool)>

Refresh tag windows for all sessions (time window may have advanced) and try to find a session matching the given tag.

Source

pub fn recover_session_by_tag( &self, tag: &[u8; 8], client_ip: &IpAddr, ) -> Option<(Arc<Mutex<Session>>, u64, bool)>

Wide-range counter recovery: brute-force search over a large counter range to recover from counter drift (e.g., client race condition). Only called when normal tag lookup + refresh both fail but a session exists for this client IP.

Source

pub fn get_session(&self, session_id: &[u8; 16]) -> Option<Arc<Mutex<Session>>>

Get session by ID

Source

pub fn get_session_by_vpn_ip( &self, vpn_ip: &Ipv4Addr, ) -> Option<Arc<Mutex<Session>>>

Get session by VPN IP (for routing TUN responses back to clients)

Source

pub fn remove_session(&self, session_id: &[u8; 16]) -> Option<[u8; 16]>

Remove session and return its ID if it existed. The returned session_id can be used to stop active recording.

Source

pub fn refresh_session_tags(&self, session_id: &[u8; 16])

Refresh tag_map after session’s tag window has been updated

Source

pub fn complete_session_ratchet(&self, session_id: &[u8; 16])

Complete PFS ratchet for a session: switch to ratcheted keys, remove old tags

Source

pub fn cleanup_expired(&self) -> Vec<[u8; 16]>

Cleanup expired sessions and return list of removed session IDs. The returned IDs can be used to stop active recordings.

Source

pub fn session_count(&self) -> usize

Get active session count

Source

pub fn log_session_diagnostics(&self, incoming_tag: &[u8; 8])

Log diagnostic information about all sessions and tag state

Source

pub fn server_public_key(&self) -> [u8; 32]

Get server public key

Source

pub fn sign_mask(&self, mask_data: &[u8]) -> [u8; 64]

Sign mask data

Source

pub fn iter_sessions(&self) -> Iter<'_, [u8; 16], Arc<Mutex<Session>>>

Iterate over all sessions (for neural resonance checks)

Source

pub fn update_session_mask( &self, session_id: &[u8; 16], new_mask: MaskProfile, ) -> Option<(Arc<Mutex<Session>>, SocketAddr)>

Schedule a deferred mask switch for a session. The MaskUpdate control message has already been sent to the client; we store the new mask in pending_mask and let it activate after a grace period (see commit_pending_mask).

Source

pub fn build_mask_update_packet( &self, session: &Arc<Mutex<Session>>, new_mask: &MaskProfile, ) -> Result<Vec<u8>>

Build an encrypted MaskUpdate control packet for the given session. Returns the raw UDP datagram bytes ready to send.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more