fips-core 0.3.4

Reusable FIPS mesh, endpoint, transport, and protocol library
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181

//! ICMP Packet Too Big rate limiting.
//!
//! Prevents ICMP flood from repeated oversized packets by rate-limiting
//! ICMP Packet Too Big messages per source address.

use std::collections::HashMap;
use std::net::Ipv6Addr;
use std::time::{Duration, Instant};

/// Rate limiter for ICMP Packet Too Big messages.
///
/// Tracks the last time an ICMP PTB was sent to each source address
/// and enforces a minimum interval between messages to prevent floods.
pub struct IcmpRateLimiter {
    /// Maps source IPv6 address to the last time we sent ICMP PTB to it.
    last_sent: HashMap<Ipv6Addr, Instant>,
    /// Minimum interval between ICMP messages to the same source.
    min_interval: Duration,
    /// Maximum age of entries before cleanup (prevents unbounded growth).
    max_age: Duration,
}

impl IcmpRateLimiter {
    /// Create a new rate limiter.
    ///
    /// Default: max 10 ICMP/sec per source (100ms interval).
    pub fn new() -> Self {
        Self {
            last_sent: HashMap::new(),
            min_interval: Duration::from_millis(100),
            max_age: Duration::from_secs(10),
        }
    }

    /// Create a rate limiter with custom interval.
    pub fn with_interval(min_interval: Duration) -> Self {
        Self {
            last_sent: HashMap::new(),
            min_interval,
            max_age: Duration::from_secs(10),
        }
    }

    /// Check if we should send an ICMP PTB to this source address.
    ///
    /// Returns true if enough time has passed since the last ICMP to this source,
    /// or if this is the first ICMP to this source.
    ///
    /// If true is returned, the internal state is updated to record this send.
    pub fn should_send(&mut self, src_addr: Ipv6Addr) -> bool {
        let now = Instant::now();

        // Check if we've sent to this source recently
        if let Some(&last) = self.last_sent.get(&src_addr)
            && now.duration_since(last) < self.min_interval
        {
            return false; // Too soon, rate limit
        }

        // Update last sent time
        self.last_sent.insert(src_addr, now);

        // Cleanup old entries to prevent unbounded growth
        self.cleanup(now);

        true
    }

    /// Remove entries older than max_age.
    fn cleanup(&mut self, now: Instant) {
        self.last_sent
            .retain(|_, &mut last| now.duration_since(last) < self.max_age);
    }

    /// Get the number of tracked sources.
    #[cfg(test)]
    pub fn len(&self) -> usize {
        self.last_sent.len()
    }

    /// Check if there are no tracked sources.
    #[cfg(test)]
    pub fn is_empty(&self) -> bool {
        self.last_sent.is_empty()
    }
}

impl Default for IcmpRateLimiter {
    fn default() -> Self {
        Self::new()
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use std::thread;

    #[test]
    fn test_first_send_allowed() {
        let mut limiter = IcmpRateLimiter::new();
        let addr: Ipv6Addr = "fd00::1".parse().unwrap();

        assert!(limiter.should_send(addr));
    }

    #[test]
    fn test_rapid_sends_rate_limited() {
        let mut limiter = IcmpRateLimiter::new();
        let addr: Ipv6Addr = "fd00::1".parse().unwrap();

        // First send should succeed
        assert!(limiter.should_send(addr));

        // Immediate second send should be rate limited
        assert!(!limiter.should_send(addr));
        assert!(!limiter.should_send(addr));
    }

    #[test]
    fn test_different_sources_independent() {
        let mut limiter = IcmpRateLimiter::new();
        let addr1: Ipv6Addr = "fd00::1".parse().unwrap();
        let addr2: Ipv6Addr = "fd00::2".parse().unwrap();

        // Both sources should be allowed independently
        assert!(limiter.should_send(addr1));
        assert!(limiter.should_send(addr2));

        // But rapid resends to same source are limited
        assert!(!limiter.should_send(addr1));
        assert!(!limiter.should_send(addr2));
    }

    #[test]
    fn test_send_allowed_after_interval() {
        let mut limiter = IcmpRateLimiter::with_interval(Duration::from_millis(50));
        let addr: Ipv6Addr = "fd00::1".parse().unwrap();

        // First send
        assert!(limiter.should_send(addr));

        // Wait for interval to pass
        thread::sleep(Duration::from_millis(60));

        // Second send should now be allowed
        assert!(limiter.should_send(addr));
    }

    #[test]
    fn test_cleanup_removes_old_entries() {
        let mut limiter = IcmpRateLimiter::new();
        let addr1: Ipv6Addr = "fd00::1".parse().unwrap();
        let addr2: Ipv6Addr = "fd00::2".parse().unwrap();

        // Send to both addresses
        assert!(limiter.should_send(addr1));
        assert!(limiter.should_send(addr2));
        assert_eq!(limiter.len(), 2);

        // Manually trigger cleanup with a future timestamp
        let future = Instant::now() + Duration::from_secs(11);
        limiter.cleanup(future);

        // All entries should be cleaned up
        assert_eq!(limiter.len(), 0);
    }

    #[test]
    fn test_cleanup_preserves_recent_entries() {
        let mut limiter = IcmpRateLimiter::new();
        let addr: Ipv6Addr = "fd00::1".parse().unwrap();

        assert!(limiter.should_send(addr));
        assert_eq!(limiter.len(), 1);

        // Cleanup with current time shouldn't remove recent entry
        limiter.cleanup(Instant::now());
        assert_eq!(limiter.len(), 1);
    }
}