apfsds-protocol 0.4.0

Wire protocol and frame definitions for APFSDS
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125

//! Authentication structures

use rkyv::{Archive, Deserialize, Serialize};

/// Authentication request from client
#[derive(Archive, Serialize, Deserialize, Debug, Clone)]
#[rkyv(derive(Debug))]
pub struct AuthRequest {
    /// HMAC base: "user_id:timestamp:random"
    pub hmac_base: Vec<u8>,

    /// HMAC signature
    pub hmac_signature: [u8; 32],

    /// Client's Ed25519 public key (for response encryption)
    pub client_pk: [u8; 32],

    /// Random nonce (replay protection)
    pub nonce: [u8; 32],

    /// Request timestamp (milliseconds)
    pub timestamp: u64,
}

/// Authentication response from server
#[derive(Archive, Serialize, Deserialize, Debug, Clone)]
#[rkyv(derive(Debug))]
pub struct AuthResponse {
    /// One-time connection token
    pub token: Vec<u8>,

    /// Token expiration timestamp
    pub valid_until: u64,

    /// Optional emergency warning
    pub warning: Option<EmergencyWarning>,
}

/// Emergency warning in auth response
#[derive(Archive, Serialize, Deserialize, Debug, Clone)]
#[rkyv(derive(Debug))]
pub struct EmergencyWarning {
    /// Warning level
    pub level: String,

    /// Recommended action
    pub action: String,

    /// When to trigger the action
    pub trigger_after: u64,
}

/// Token payload (signed by server)
#[derive(Archive, Serialize, Deserialize, Debug, Clone)]
#[rkyv(derive(Debug))]
pub struct TokenPayload {
    /// User ID
    pub user_id: u64,

    /// Nonce from auth request
    pub nonce: [u8; 32],

    /// Issue timestamp
    pub issued_at: u64,

    /// Expiration timestamp
    pub valid_until: u64,
}

/// Connection record for MVCC storage
#[derive(Archive, Serialize, Deserialize, Debug, Clone)]
#[rkyv(derive(Debug))]
pub struct ConnRecord {
    /// Connection ID
    pub conn_id: u64,

    /// Connection metadata
    pub metadata: ConnMeta,

    /// Creation timestamp
    pub created_at: u64,

    /// Last activity timestamp
    pub last_active: u64,

    /// Access counter
    pub access_count: u32,

    /// MVCC transaction ID
    pub txid: u64,
}

/// Connection metadata
#[derive(Archive, Serialize, Deserialize, Debug, Clone)]
#[rkyv(derive(Debug))]
pub struct ConnMeta {
    /// Client address (IPv6)
    pub client_addr: [u8; 16],

    /// NAT entry (local_port, remote_port)
    pub nat_entry: (u16, u16),

    /// Assigned pod ID
    pub assigned_pod: u32,

    /// Stream states for multiplexing
    pub stream_states: Vec<StreamState>,
}

/// Stream state for multiplexed connections
#[derive(Archive, Serialize, Deserialize, Debug, Clone)]
#[rkyv(derive(Debug))]
pub struct StreamState {
    /// Stream ID
    pub stream_id: u32,

    /// Bytes sent
    pub bytes_sent: u64,

    /// Bytes received
    pub bytes_received: u64,

    /// Is stream closed
    pub is_closed: bool,
}