jip-core 0.1.0

Domain types and capability traits for the jip network CLI.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228

//! `Path` — the answer to "can I reach X, and if not, where does it die?"
//!
//! A path is the composition of three trait calls: resolve the target,
//! select egress, run probes. [`Diagnostician::trace_path`] assembles one.

use std::net::{IpAddr, SocketAddr};
use std::time::Duration;

use serde::{Deserialize, Serialize};

use crate::connection::{ConnectionId, Family};
use crate::diag::Finding;
use crate::dns::{DnsError, DnsResolution};

/// End-to-end path probe result: target resolution, egress selection, probe
/// outcomes, and the final verdict.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Path {
    /// The target that was probed.
    pub target: Target,
    /// `None` when the target was given as an IP literal.
    pub resolution: Option<DnsResolution>,
    /// Which interface and source address carry traffic to the target.
    pub egress: Egress,
    /// All probe results collected for this path.
    pub probes: ProbeResults,
    /// The overall reachability verdict.
    pub verdict: Verdict,
    /// Diagnostic findings produced while tracing the path.
    pub findings: Vec<Finding>,
}

/// What the user asked us to reach.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
#[serde(tag = "type", rename_all = "snake_case")]
pub enum Target {
    Ip {
        ip: IpAddr,
        port: Option<u16>,
    },
    Host {
        name: String,
        port: Option<u16>,
    },
    /// Full URL — triggers TLS + HTTP probes.
    Url {
        url: String,
    },
}

/// Which probes to run for a given target shape. The strategy is a function
/// of the target: LAN IP gets ARP+ping; bare hostname gets DNS+TCP:443; a
/// URL adds TLS+HTTP on top.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
pub enum ProbeStrategy {
    LanIp,
    IcmpOnly,
    UnspecifiedTcp,
    SpecificPort,
    HttpUrl,
}

/// Which connection carries traffic to the target, as reported by
/// `ip route get`.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct Egress {
    /// The connection that owns the egress interface.
    pub connection_id: ConnectionId,
    /// Kernel interface name (e.g. `"eth0"`).
    pub iface: String,
    /// Preferred source address selected by the kernel.
    pub src: IpAddr,
    /// Next-hop gateway, when the destination is not directly connected.
    pub gateway: Option<IpAddr>,
    /// Address family used for the route lookup.
    pub family_used: Family,
    /// Families for which the kernel said "Network is unreachable" — e.g. V6
    /// on an IPv4-only upstream.
    pub family_unreachable: Vec<Family>,
    /// True when `ip rule` matched on uid; egress may differ for other users
    /// (split-tunnel VPNs commonly do this).
    pub uid_scoped: bool,
}

/// All probe results collected for a single path trace.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ProbeResults {
    /// Which probe strategy was selected for this target.
    pub strategy: ProbeStrategy,
    /// ICMP to the gateway — cheap, almost always run.
    pub gateway_ping: Option<PingResult>,
    /// ICMP to the target — may be filtered, so not authoritative.
    pub target_ping: Option<PingResult>,
    /// TCP connect probe result.
    pub tcp_connect: Option<TcpProbeResult>,
    /// TLS handshake probe result.
    pub tls_handshake: Option<TlsProbeResult>,
    /// HTTP HEAD probe result.
    pub http_head: Option<HttpProbeResult>,
    /// Traceroute. Lazy: only populated on failure or with `--trace`.
    pub trace: Option<Vec<Hop>>,
}

/// Result of an ICMP echo probe.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct PingResult {
    /// Number of echo requests sent.
    pub sent: u32,
    /// Number of echo replies received.
    pub received: u32,
    pub rtt_min: Option<Duration>,
    pub rtt_avg: Option<Duration>,
    pub rtt_max: Option<Duration>,
}

impl PingResult {
    /// Compute packet loss as a percentage (0.0–100.0).
    pub fn loss_pct(&self) -> f32 {
        if self.sent == 0 {
            return 0.0;
        }
        let lost = self.sent.saturating_sub(self.received);
        (lost as f32 / self.sent as f32) * 100.0
    }
}

/// Result of a TCP connect probe.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct TcpProbeResult {
    /// The target socket address.
    pub addr: SocketAddr,
    /// Whether the three-way handshake completed.
    pub connected: bool,
    /// Time from start to connection or failure.
    pub took: Duration,
    /// Human-readable error string when `connected` is false.
    pub error: Option<String>,
}

/// Result of a TLS handshake probe.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct TlsProbeResult {
    /// The target socket address.
    pub peer: SocketAddr,
    /// The SNI hostname presented.
    pub sni: String,
    /// Whether the handshake completed with a valid certificate chain.
    pub negotiated: bool,
    /// Time from start to handshake completion or failure.
    pub took: Duration,
    /// Human-readable error string when `negotiated` is false.
    pub error: Option<String>,
}

/// Result of an HTTP HEAD probe.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct HttpProbeResult {
    /// The URL that was probed.
    pub url: String,
    /// HTTP response status code, when a response was received.
    pub status: Option<u16>,
    /// Time from request start to response or failure.
    pub took: Duration,
    /// Human-readable error string on failure.
    pub error: Option<String>,
}

/// A single traceroute hop.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct Hop {
    /// TTL value for this hop.
    pub ttl: u8,
    /// IP address of the responding router, `None` on timeout.
    pub ip: Option<IpAddr>,
    /// Round-trip time to this hop, `None` on timeout.
    pub rtt: Option<Duration>,
    /// Reverse-DNS hostname, when available.
    pub hostname: Option<String>,
}

impl Eq for Hop {}

/// Outcome of a `reach` call. The CLI renders a one-line summary from this,
/// then the `findings` for detail.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(tag = "type", rename_all = "snake_case")]
pub enum Verdict {
    Reachable {
        latency_ms: u64,
        family_used: Family,
    },
    /// One family worked, the other didn't. Common on dual-stack hosts with
    /// broken IPv6.
    PartiallyReachable {
        working: Family,
        broken: Family,
    },
    DnsFailed {
        error: DnsError,
    },
    /// Kernel has no route to the target.
    NoEgress {
        reason: String,
    },
    GatewayDown {
        gateway: IpAddr,
    },
    PacketLoss {
        loss_pct: f32,
    },
    /// TCP RST — service up, port closed.
    TcpRefused {
        addr: SocketAddr,
    },
    /// TCP silence — firewall dropping, or the host is off.
    TcpTimeout {
        addr: SocketAddr,
    },
    TlsFailed {
        err: String,
    },
    HttpFailed {
        status: u16,
    },
}

impl Eq for Verdict {}