triglav 0.1.0

High-performance multi-path networking tool with intelligent uplink management
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164

//! TUN/TAP virtual network interface module.
//!
//! This module provides a cross-platform abstraction for creating and managing
//! TUN (Layer 3) virtual network interfaces. Unlike proxy-based approaches,
//! TUN interfaces operate at the IP packet level, allowing transparent tunneling
//! of all network traffic without requiring application-level proxy configuration.
//!
//! ## Architecture
//!
//! ```text
//! ┌─────────────────────────────────────────────────────────────────────────┐
//! │                         Application Layer                               │
//! │                    (Any TCP/UDP/ICMP application)                       │
//! ├─────────────────────────────────────────────────────────────────────────┤
//! │                         Kernel TCP/IP Stack                              │
//! │                    (OS handles transport protocols)                      │
//! ├─────────────────────────────────────────────────────────────────────────┤
//! │                         TUN Device (utun/tun0)                          │
//! │                    [IP Packets read/written here]                        │
//! ├─────────────────────────────────────────────────────────────────────────┤
//! │                              Triglav                                     │
//! │  ┌──────────────────────────────────────────────────────────────────┐   │
//! │  │                        TunnelRunner                               │   │
//! │  │  ┌─────────────┐  ┌──────────────┐  ┌─────────────────────────┐  │   │
//! │  │  │  IP Parser  │──│     NAT      │──│   MultipathManager      │  │   │
//! │  │  │ (5-tuple)   │  │ Translation  │  │  (encryption, routing)  │  │   │
//! │  │  └─────────────┘  └──────────────┘  └─────────────────────────┘  │   │
//! │  └──────────────────────────────────────────────────────────────────┘   │
//! ├─────────────────────────────────────────────────────────────────────────┤
//! │                     Multiple Physical Uplinks                            │
//! │               (WiFi, Cellular, Ethernet, etc.)                          │
//! └─────────────────────────────────────────────────────────────────────────┘
//! ```
//!
//! ## Platform Support
//!
//! - **Linux**: Uses `/dev/net/tun` with `ioctl(TUNSETIFF)`
//! - **macOS**: Uses `utun` kernel control socket
//! - **Windows**: Uses WinTUN driver (requires installation)
//!
//! ## Usage
//!
//! ```rust,no_run
//! use triglav::tun::{TunDevice, TunConfig};
//!
//! # async fn example() -> triglav::Result<()> {
//! // Create TUN device
//! let config = TunConfig::default();
//! let tun = TunDevice::create(config)?;
//!
//! // Read/write IP packets
//! let mut buf = vec![0u8; 1500];
//! let len = tun.read(&mut buf).await?;
//! // Process IP packet in buf[..len]
//! # Ok(())
//! # }
//! ```

mod device;
mod packet;
mod nat;
mod routing;
mod runner;
mod dns;

pub use device::{TunDevice, TunConfig, TunHandle};
pub use packet::{IpPacket, IpVersion, TransportProtocol as IpTransportProtocol, FlowTuple};
pub use nat::{NatTable, NatEntry, NatConfig};
pub use routing::{RouteManager, Route, RouteConfig};
pub use runner::{TunnelRunner, TunnelConfig, TunnelStats};
pub use dns::{DnsInterceptor, DnsConfig};

use crate::error::Result;

/// Default MTU for TUN device.
pub const DEFAULT_TUN_MTU: u16 = 1420;

/// Default tunnel IP address (internal side).
pub const DEFAULT_TUNNEL_IPV4: &str = "10.0.85.1";
pub const DEFAULT_TUNNEL_IPV6: &str = "fd00:7472:6967::1";

/// Default tunnel network.
pub const DEFAULT_TUNNEL_NETWORK_V4: &str = "10.0.85.0/24";
pub const DEFAULT_TUNNEL_NETWORK_V6: &str = "fd00:7472:6967::/64";

/// Check if the current process has sufficient privileges to create TUN devices.
pub fn check_privileges() -> Result<bool> {
    #[cfg(unix)]
    {
        // On Unix, we need root or CAP_NET_ADMIN
        let uid = unsafe { libc::getuid() };
        if uid == 0 {
            return Ok(true);
        }
        
        // Check for CAP_NET_ADMIN on Linux
        #[cfg(target_os = "linux")]
        {
            // Try to check capabilities - simplified check
            // A full implementation would use libcap
            Ok(false)
        }
        
        #[cfg(target_os = "macos")]
        {
            // On macOS, only root can create utun devices
            Ok(false)
        }
        
        #[cfg(not(any(target_os = "linux", target_os = "macos")))]
        {
            Ok(false)
        }
    }
    
    #[cfg(windows)]
    {
        // On Windows, check if we can access WinTUN
        // This is a simplified check
        Ok(true) // Assume we have access if WinTUN is installed
    }
    
    #[cfg(not(any(unix, windows)))]
    {
        Ok(false)
    }
}

/// Get the recommended TUN device name for this platform.
pub fn recommended_device_name() -> &'static str {
    #[cfg(target_os = "linux")]
    {
        "tg0"
    }
    #[cfg(target_os = "macos")]
    {
        "utun" // macOS will append a number
    }
    #[cfg(target_os = "windows")]
    {
        "Triglav"
    }
    #[cfg(not(any(target_os = "linux", target_os = "macos", target_os = "windows")))]
    {
        "tun0"
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_check_privileges() {
        // Should not panic
        let _ = check_privileges();
    }

    #[test]
    fn test_recommended_device_name() {
        let name = recommended_device_name();
        assert!(!name.is_empty());
    }
}