stochastic-routing-extended 1.0.2

SRX (Stochastic Routing eXtended) — a next-generation VPN protocol with stochastic routing, DPI evasion, post-quantum cryptography, and multi-transport channel splitting
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299

//! Server-side connection pool for managing multiple peer sessions.
//!
//! `ConnectionPool` tracks per-peer state, enforces maximum connections,
//! and cleans up idle sessions.

use std::collections::HashMap;
use std::net::SocketAddr;
use std::time::{Duration, Instant};

/// Per-peer connection state tracked by the pool.
#[derive(Debug)]
pub struct PeerState {
    /// SRX session identifier.
    pub session_id: u64,
    /// Remote address.
    pub addr: SocketAddr,
    /// When the peer connected.
    pub connected_at: Instant,
    /// Last activity timestamp (updated on send/recv).
    pub last_active: Instant,
    /// Total bytes sent to this peer.
    pub bytes_sent: u64,
    /// Total bytes received from this peer.
    pub bytes_recv: u64,
}

impl PeerState {
    /// Create a new peer state with the given session ID and address.
    pub fn new(session_id: u64, addr: SocketAddr) -> Self {
        let now = Instant::now();
        Self {
            session_id,
            addr,
            connected_at: now,
            last_active: now,
            bytes_sent: 0,
            bytes_recv: 0,
        }
    }

    /// Update last_active to now.
    pub fn touch(&mut self) {
        self.last_active = Instant::now();
    }

    /// Duration since last activity.
    pub fn idle_time(&self) -> Duration {
        Instant::now().duration_since(self.last_active)
    }

    /// Total connection uptime.
    pub fn uptime(&self) -> Duration {
        Instant::now().duration_since(self.connected_at)
    }

    /// Record bytes sent.
    pub fn record_sent(&mut self, bytes: u64) {
        self.bytes_sent += bytes;
        self.touch();
    }

    /// Record bytes received.
    pub fn record_recv(&mut self, bytes: u64) {
        self.bytes_recv += bytes;
        self.touch();
    }
}

/// Error type for pool operations.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum PoolError {
    /// Connection pool is at maximum capacity.
    Full,
    /// A peer with this session ID already exists.
    DuplicateSession,
    /// No peer found with the given session ID.
    NotFound,
}

impl std::fmt::Display for PoolError {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            PoolError::Full => write!(f, "connection pool is full"),
            PoolError::DuplicateSession => write!(f, "duplicate session ID"),
            PoolError::NotFound => write!(f, "peer not found"),
        }
    }
}

/// Server-side connection pool managing multiple peer sessions.
pub struct ConnectionPool {
    peers: HashMap<u64, PeerState>,
    max_peers: usize,
    idle_timeout: Duration,
}

impl ConnectionPool {
    /// Create a new pool with the given limits.
    pub fn new(max_peers: usize, idle_timeout: Duration) -> Self {
        Self {
            peers: HashMap::new(),
            max_peers,
            idle_timeout,
        }
    }

    /// Add a peer to the pool. Fails if full or duplicate session ID.
    pub fn add_peer(&mut self, state: PeerState) -> std::result::Result<(), PoolError> {
        if self.peers.len() >= self.max_peers {
            return Err(PoolError::Full);
        }
        if self.peers.contains_key(&state.session_id) {
            return Err(PoolError::DuplicateSession);
        }
        self.peers.insert(state.session_id, state);
        Ok(())
    }

    /// Remove a peer by session ID.
    pub fn remove_peer(&mut self, session_id: u64) -> Option<PeerState> {
        self.peers.remove(&session_id)
    }

    /// Get a reference to a peer's state.
    pub fn get_peer(&self, session_id: u64) -> Option<&PeerState> {
        self.peers.get(&session_id)
    }

    /// Get a mutable reference to a peer's state.
    pub fn get_peer_mut(&mut self, session_id: u64) -> Option<&mut PeerState> {
        self.peers.get_mut(&session_id)
    }

    /// Update last_active for a peer.
    pub fn touch(&mut self, session_id: u64) {
        if let Some(peer) = self.peers.get_mut(&session_id) {
            peer.touch();
        }
    }

    /// Remove all peers that have been idle longer than `idle_timeout`.
    /// Returns the removed peers.
    pub fn cleanup_idle(&mut self) -> Vec<PeerState> {
        let timeout = self.idle_timeout;
        let mut removed = Vec::new();
        self.peers.retain(|_, peer| {
            if peer.idle_time() > timeout {
                removed.push(PeerState {
                    session_id: peer.session_id,
                    addr: peer.addr,
                    connected_at: peer.connected_at,
                    last_active: peer.last_active,
                    bytes_sent: peer.bytes_sent,
                    bytes_recv: peer.bytes_recv,
                });
                false
            } else {
                true
            }
        });
        removed
    }

    /// Current number of connected peers.
    pub fn peer_count(&self) -> usize {
        self.peers.len()
    }

    /// Whether the pool is at capacity.
    pub fn is_full(&self) -> bool {
        self.peers.len() >= self.max_peers
    }

    /// Whether the pool has no peers.
    pub fn is_empty(&self) -> bool {
        self.peers.is_empty()
    }

    /// Iterator over all active peer states.
    pub fn active_peers(&self) -> impl Iterator<Item = &PeerState> {
        self.peers.values()
    }

    /// Find a peer by remote address.
    pub fn find_by_addr(&self, addr: SocketAddr) -> Option<&PeerState> {
        self.peers.values().find(|p| p.addr == addr)
    }

    /// Total bytes sent across all peers.
    pub fn total_bytes_sent(&self) -> u64 {
        self.peers.values().map(|p| p.bytes_sent).sum()
    }

    /// Total bytes received across all peers.
    pub fn total_bytes_recv(&self) -> u64 {
        self.peers.values().map(|p| p.bytes_recv).sum()
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use std::net::{Ipv4Addr, SocketAddrV4};

    fn addr(port: u16) -> SocketAddr {
        SocketAddr::V4(SocketAddrV4::new(Ipv4Addr::LOCALHOST, port))
    }

    #[test]
    fn add_and_get_peer() {
        let mut pool = ConnectionPool::new(10, Duration::from_secs(60));
        pool.add_peer(PeerState::new(1, addr(8001))).unwrap();

        let peer = pool.get_peer(1).unwrap();
        assert_eq!(peer.session_id, 1);
        assert_eq!(peer.addr.port(), 8001);
    }

    #[test]
    fn full_pool_rejects() {
        let mut pool = ConnectionPool::new(2, Duration::from_secs(60));
        pool.add_peer(PeerState::new(1, addr(8001))).unwrap();
        pool.add_peer(PeerState::new(2, addr(8002))).unwrap();

        assert_eq!(
            pool.add_peer(PeerState::new(3, addr(8003))),
            Err(PoolError::Full)
        );
    }

    #[test]
    fn duplicate_session_rejects() {
        let mut pool = ConnectionPool::new(10, Duration::from_secs(60));
        pool.add_peer(PeerState::new(1, addr(8001))).unwrap();

        assert_eq!(
            pool.add_peer(PeerState::new(1, addr(8002))),
            Err(PoolError::DuplicateSession)
        );
    }

    #[test]
    fn remove_peer() {
        let mut pool = ConnectionPool::new(10, Duration::from_secs(60));
        pool.add_peer(PeerState::new(1, addr(8001))).unwrap();

        let removed = pool.remove_peer(1).unwrap();
        assert_eq!(removed.session_id, 1);
        assert!(pool.is_empty());
    }

    #[test]
    fn cleanup_idle() {
        let mut pool = ConnectionPool::new(10, Duration::from_secs(0)); // 0s timeout
        pool.add_peer(PeerState::new(1, addr(8001))).unwrap();
        pool.add_peer(PeerState::new(2, addr(8002))).unwrap();

        // With 0s timeout, all peers are immediately idle
        std::thread::sleep(Duration::from_millis(10));
        let removed = pool.cleanup_idle();
        assert_eq!(removed.len(), 2);
        assert!(pool.is_empty());
    }

    #[test]
    fn find_by_addr() {
        let mut pool = ConnectionPool::new(10, Duration::from_secs(60));
        pool.add_peer(PeerState::new(1, addr(8001))).unwrap();
        pool.add_peer(PeerState::new(2, addr(8002))).unwrap();

        let found = pool.find_by_addr(addr(8002)).unwrap();
        assert_eq!(found.session_id, 2);
    }

    #[test]
    fn bytes_tracking() {
        let mut pool = ConnectionPool::new(10, Duration::from_secs(60));
        pool.add_peer(PeerState::new(1, addr(8001))).unwrap();

        pool.get_peer_mut(1).unwrap().record_sent(100);
        pool.get_peer_mut(1).unwrap().record_recv(200);

        assert_eq!(pool.total_bytes_sent(), 100);
        assert_eq!(pool.total_bytes_recv(), 200);
    }

    #[test]
    fn peer_count_and_is_full() {
        let mut pool = ConnectionPool::new(2, Duration::from_secs(60));
        assert_eq!(pool.peer_count(), 0);
        assert!(!pool.is_full());

        pool.add_peer(PeerState::new(1, addr(8001))).unwrap();
        assert_eq!(pool.peer_count(), 1);

        pool.add_peer(PeerState::new(2, addr(8002))).unwrap();
        assert!(pool.is_full());
    }
}