ana-gotatun 0.2.0

an implementation of the WireGuard® protocol designed for portability and speed with integrated STUN
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224

// Copyright (c) 2025 Mullvad VPN AB. All rights reserved.
// SPDX-License-Identifier: BSD-3-Clause

use std::net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr, SocketAddrV4, SocketAddrV6};

use bitfield_struct::bitfield;
use either::Either;
use zerocopy::{FromBytes, Immutable, IntoBytes, KnownLayout, Unaligned, big_endian};

use crate::packet::{Ipv4, Ipv6};

/// A packet bitfield-struct containing the `version`-field that is shared between IPv4 and IPv6.
#[bitfield(u8)]
#[derive(FromBytes, IntoBytes, KnownLayout, Unaligned, Immutable, PartialEq, Eq)]
pub struct IpvxVersion {
    #[bits(4)]
    pub _unknown: u8,
    #[bits(4)]
    pub version: u8,
}

/// An IP packet, including headers, that may be either IPv4 or IPv6.
/// [Read more](crate::packet)
#[repr(C, packed)]
#[derive(FromBytes, IntoBytes, KnownLayout, Unaligned, Immutable)]
pub struct Ip {
    /// The IP version field. [Read more](IpvxVersion)
    pub header: IpvxVersion,

    /// The rest of the IP packet,
    /// i.e. everything in the header that comes after the first byte, and the payload.
    ///
    /// You probably don't want to access this directly.
    pub rest: [u8],
}

impl Ip {
    fn as_v4_or_v6(&self) -> Option<Either<&Ipv4, &Ipv6>> {
        let b = self.as_bytes();
        match self.header.version() {
            4 => Ipv4::<[u8]>::ref_from_bytes(b).ok().map(Either::Left),
            6 => Ipv6::<[u8]>::ref_from_bytes(b).ok().map(Either::Right),
            _ => None,
        }
    }
    /// Try to extract the source [`IpAddr`].
    ///
    /// Returns `None` if the version field is not `4` or `6`, or if the packet is too small.
    /// Other than that, no checks are done to ensure this is a valid ip packet.
    pub fn source(&self) -> Option<IpAddr> {
        Some(match self.as_v4_or_v6()? {
            Either::Left(ipv4) => ipv4.header.source().into(),
            Either::Right(ipv6) => ipv6.header.source().into(),
        })
    }

    /// Try to extract the destination [`IpAddr`].
    ///
    /// Returns `None` if the version field is not `4` or `6`, or if the packet is too small.
    /// Other than that, no checks are done to ensure this is a valid ip packet.
    pub fn destination(&self) -> Option<IpAddr> {
        Some(match self.as_v4_or_v6()? {
            Either::Left(ipv4) => ipv4.header.destination().into(),
            Either::Right(ipv6) => ipv6.header.destination().into(),
        })
    }
}

/// IP socket address encoding used in the handshake response.
///
/// Layout:
///
/// ```text
///  remote_addr = {
///      u8  ip_version      // either 0x04 or 0x06
///      u8  reserved_zero   // must be 0
///      u16 port            // big-endian
///      u8  receiver_index[16] // either IPv4 address with leading 0 or IPv6 addr
///  }
/// ```
///
/// - For an IPv4 address, the first 12 bytes of `receiver_index` are zero and the last 4 bytes hold
///   the IPv4 address (embedded IPv4-in-IPv6 style).
/// - For an IPv6 address, all 16 bytes are the IPv6 address.
#[repr(C, packed)]
#[derive(Clone, Copy, FromBytes, IntoBytes, KnownLayout, Unaligned, Immutable, PartialEq, Eq)]
pub struct IpSocketAddr {
    pub ip_version: u8,
    pub reserved_zero: u8,
    pub port: big_endian::U16,
    pub ip_addr: [u8; 16],
}

impl From<SocketAddr> for IpSocketAddr {
    fn from(addr: SocketAddr) -> Self {
        match addr {
            SocketAddr::V4(v4) => IpSocketAddr::from(v4),
            SocketAddr::V6(v6) => IpSocketAddr::from(v6),
        }
    }
}

impl From<SocketAddrV4> for IpSocketAddr {
    fn from(addr: SocketAddrV4) -> Self {
        let ip = addr.ip().octets();
        let port = addr.port();

        let mut ip_addr = [0u8; 16];
        // IPv4 mapped into the last 4 bytes; first 12 zeroed
        ip_addr[12..16].copy_from_slice(&ip);

        IpSocketAddr {
            ip_version: 0x04,
            reserved_zero: 0,
            port: big_endian::U16::new(port),
            ip_addr,
        }
    }
}

impl From<SocketAddrV6> for IpSocketAddr {
    fn from(addr: SocketAddrV6) -> Self {
        let ip = addr.ip().octets();
        let port = addr.port();

        IpSocketAddr {
            ip_version: 0x06,
            reserved_zero: 0,
            port: big_endian::U16::new(port),
            ip_addr: ip,
        }
    }
}

/// Error type for converting `IpSocketAddr` back to `SocketAddr`.
#[derive(Debug, thiserror::Error)]
pub enum IpSocketAddrError {
    #[error("Invalid Version: {0}")]
    InvalidVersion(u8),
    #[error("Reserved Non Zero invalid: {0}")]
    ReservedNonZero(u8),
}

impl TryFrom<IpSocketAddr> for SocketAddr {
    type Error = IpSocketAddrError;

    fn try_from(value: IpSocketAddr) -> Result<Self, Self::Error> {
        if value.reserved_zero != 0 {
            return Err(IpSocketAddrError::ReservedNonZero(value.reserved_zero));
        }

        let port = value.port.get();

        match value.ip_version {
            0x04 => {
                // Expect IPv4 in the last 4 bytes; ignore leading 12 bytes.
                let mut ip_bytes = [0u8; 4];
                ip_bytes.copy_from_slice(&value.ip_addr[12..16]);

                let v4 = SocketAddrV4::new(Ipv4Addr::from(ip_bytes), port);
                Ok(SocketAddr::V4(v4))
            }
            0x06 => {
                let ip_bytes = value.ip_addr;
                let v6 = SocketAddrV6::new(Ipv6Addr::from(ip_bytes), port, 0, 0);
                Ok(SocketAddr::V6(v6))
            }
            other => Err(IpSocketAddrError::InvalidVersion(other)),
        }
    }
}

#[cfg(test)]
mod tests {
    use std::net::{Ipv4Addr, SocketAddr, SocketAddrV4};

    use rand::{RngCore, SeedableRng};
    use rand_xorshift::XorShiftRng;

    use super::*;
    use crate::packet::IpSocketAddr;

    // In principle, there is no point in testing the format of the message
    // explicitly. The encoding is declaratively defined in the struct.
    #[test]
    fn encode_and_then_decode_v4_sock_addr_success() -> Result<(), Box<dyn std::error::Error>> {
        let mut rng = XorShiftRng::seed_from_u64(47);
        let mut ipv4_bytes = [0u8; 4];
        let mut input = [0u8; 20];
        input[0] = 0x04;
        for _ in 0..256 {
            rng.fill_bytes(&mut ipv4_bytes);
            let expected_ip_addr = Ipv4Addr::from_octets(ipv4_bytes);
            let expected_port = rng.next_u32() as u16;
            let expected_sock_addr =
                SocketAddr::V4(SocketAddrV4::new(expected_ip_addr, expected_port));
            let ip_sock_addr: IpSocketAddr = expected_sock_addr.into();
            let actual_socket_addr: SocketAddr = ip_sock_addr.try_into()?;

            assert_eq!(expected_sock_addr, actual_socket_addr);
        }
        Ok(())
    }

    #[test]
    fn encode_and_then_decode_v6_sock_addr_success() -> Result<(), Box<dyn std::error::Error>> {
        let mut rng = XorShiftRng::seed_from_u64(47);
        let mut ipv6_bytes = [0u8; 16];
        let mut input = [0u8; 20];
        input[0] = 0x04;
        for _ in 0..256 {
            rng.fill_bytes(&mut ipv6_bytes);
            let expected_ip_addr = Ipv6Addr::from_octets(ipv6_bytes);
            let expected_port = rng.next_u32() as u16;
            let expected_sock_addr =
                SocketAddr::V6(SocketAddrV6::new(expected_ip_addr, expected_port, 0, 0));
            let ip_sock_addr: IpSocketAddr = expected_sock_addr.into();
            let actual_socket_addr: SocketAddr = ip_sock_addr.try_into()?;

            assert_eq!(expected_sock_addr, actual_socket_addr);
        }
        Ok(())
    }
}