tatara-net 0.2.90

Cross-platform networking plane for tatara cluster fabric — eBPF + WASI + WireGuard
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96

//! Core networking plane trait — platform-agnostic interface.
//!
//! On Linux: backed by eBPF (XDP/TC) + mamorigami WireGuard.
//! On macOS: backed by tun-rs + smoltcp + hanabi proxy.

use async_trait::async_trait;
use uuid::Uuid;

use crate::types::*;

/// Platform-agnostic networking plane.
#[async_trait]
pub trait NetworkPlane: Send + Sync {
    // ── Layer 0: Encrypted Mesh ──

    /// Connect to a peer node in the WireGuard mesh.
    async fn connect_peer(&self, peer: &MeshPeerInfo) -> Result<(), NetError>;

    /// Disconnect a peer from the mesh.
    async fn disconnect_peer(&self, node_id: u64) -> Result<(), NetError>;

    /// Get mesh tunnel states.
    async fn mesh_status(&self) -> Result<Vec<MeshPeerInfo>, NetError>;

    // ── Layer 1: Identity-Based Routing ──

    /// Register a service endpoint (allocation started executing).
    async fn register_endpoint(
        &self,
        identity: &ServiceIdentity,
        endpoint: &ServiceEndpoint,
    ) -> Result<(), NetError>;

    /// Deregister a service endpoint (allocation contracting/terminal).
    async fn deregister_endpoint(
        &self,
        identity: &ServiceIdentity,
        alloc_id: Uuid,
    ) -> Result<(), NetError>;

    /// Update endpoint health (affects routing weight).
    async fn update_endpoint_health(
        &self,
        identity: &ServiceIdentity,
        alloc_id: Uuid,
        health: EndpointHealth,
    ) -> Result<(), NetError>;

    // ── Layer 2: Policy Enforcement ──

    /// Apply a network policy.
    async fn apply_policy(&self, policy: &NetworkPolicy) -> Result<(), NetError>;

    /// Remove a network policy.
    async fn remove_policy(&self, name: &str) -> Result<(), NetError>;

    /// List active policies.
    async fn list_policies(&self) -> Result<Vec<NetworkPolicy>, NetError>;

    // ── Layer 3: Observability ──

    /// Query flow logs.
    async fn get_flows(&self, filter: &FlowFilter) -> Result<Vec<Flow>, NetError>;

    /// Get per-service-pair metrics.
    async fn get_service_metrics(
        &self,
        source: &str,
        dest: &str,
    ) -> Result<ServicePairMetrics, NetError>;
}

/// Networking plane errors.
#[derive(Debug, thiserror::Error)]
pub enum NetError {
    #[error("tunnel error: {0}")]
    Tunnel(String),

    #[error("policy error: {0}")]
    Policy(String),

    #[error("routing error: {0}")]
    Routing(String),

    #[error("platform not supported: {0}")]
    PlatformNotSupported(String),

    #[error("eBPF error: {0}")]
    Ebpf(String),

    #[error("WASI error: {0}")]
    Wasi(String),

    #[error("{0}")]
    Other(#[from] anyhow::Error),
}