# VCL Protocol
โ ๏ธ **Development Branch**
>
> You're viewing the `main` branch which is under active development.
> Code here may be unstable or incomplete.
>
> โ
**For stable version:** [crates.io/vcl-protocol](https://crates.io/crates/vcl-protocol)
[](https://crates.io/crates/vcl-protocol)
[](https://docs.rs/vcl-protocol)
[](https://www.rust-lang.org)
[]()
[](LICENSE)
[]()
**Verified Commit Link** โ Cryptographically chained packet transport protocol
---
## ๐ Documentation
---
## ๐ About
VCL Protocol is a transport protocol where each packet cryptographically links to the previous one, creating an immutable chain of data transmission. Inspired by blockchain principles, optimized for real-time networking.
**v0.5.0** adds WebSocket transport for browser-compatible connections, AIMD congestion control with retransmission, RFC 6298 RTT estimation, and a Metrics API for aggregating performance statistics across connections.
**Published on crates.io:** https://crates.io/crates/vcl-protocol
**API Documentation:** https://docs.rs/vcl-protocol
---
## โจ Features
| ๐ Cryptographic Chain | Each packet references hash of previous packet via SHA-256 |
| โ๏ธ Ed25519 Signatures | Fast and secure digital signatures |
| ๐ X25519 Handshake | Ephemeral key exchange, no pre-shared keys needed |
| ๐ XChaCha20-Poly1305 | Authenticated encryption for all payloads |
| ๐ก๏ธ Replay Protection | Sequence numbers + nonce tracking prevent packet replay |
| ๐ช Session Management | close(), is_closed(), timeout handling |
| โฑ๏ธ Inactivity Timeout | Auto-close idle connections (configurable) |
| โ
Chain Validation | Automatic integrity checking on every packet |
| โก UDP Transport | Low latency, high performance |
| ๐ TCP Transport | Reliable ordered delivery for VPN scenarios |
| ๐ WebSocket Transport | Browser-compatible, works through HTTP proxies |
| ๐ Transport Abstraction | Single API works with UDP, TCP, and WebSocket |
| ๐ซ Custom Error Types | Typed `VCLError` enum with full `std::error::Error` impl |
| ๐ก Connection Events | Subscribe to lifecycle & data events via async mpsc channel |
| ๐ Ping / Heartbeat | Built-in ping/pong with automatic round-trip latency measurement |
| ๐ Key Rotation | Rotate encryption keys mid-session without reconnecting |
| ๐ Connection Pool | Manage multiple connections under a single `VCLPool` manager |
| ๐งฉ Packet Fragmentation | Automatic split and reassembly for large payloads |
| ๐ Flow Control | Sliding window with RFC 6298 RTT estimation |
| ๐ Congestion Control | AIMD algorithm with slow start and retransmission |
| ๐ Retransmission | Automatic retransmit on timeout with exponential backoff |
| ๐ Metrics API | `VCLMetrics` aggregates stats across connections and pools |
| โ๏ธ Config Presets | VPN, Gaming, Streaming, Auto โ one line setup |
| ๐ Tracing Logs | Structured logging via `tracing` crate |
| ๐ Benchmarks | Performance benchmarks via `criterion` |
| ๐ Full API Docs | Complete documentation on [docs.rs](https://docs.rs/vcl-protocol) |
| ๐งช Full Test Suite | 113/113 tests passing (unit + integration + doc) |
---
## ๐๏ธ Architecture
```text
Packet N Packet N+1 Packet N+2
+--------+ +--------+ +--------+
| sig | | sig | | sig |
+--------+ +--------+ +--------+
hash(Packet N) -> stored in prev_hash of Packet N+1
hash(Packet N+1) -> stored in prev_hash of Packet N+2
```
### Handshake Flow
```text
Client Server
| |
| <---- ServerHello (pubkey) -- |
| |
| [Shared secret computed] |
| [Secure channel established] |
```
### Encryption Flow
```text
Send: plaintext โ fragment? โ encrypt(XChaCha20) โ sign(Ed25519) โ send
Recv: receive โ verify(Ed25519) โ decrypt(XChaCha20) โ reassemble? โ plaintext
```
### Session Management
```text
- close() โ Gracefully close connection, clear state
- is_closed() โ Check if connection is closed
- set_timeout() โ Configure inactivity timeout (default: 60s)
- last_activity() โ Get timestamp of last send/recv
```
### Event Flow
```text
conn.subscribe() โ mpsc::Receiver<VCLEvent>
Events:
Connected โ handshake completed
Disconnected โ close() called
PacketReceived โ data packet arrived { sequence, size }
PingReceived โ peer pinged us (pong sent automatically)
PongReceived โ our ping was answered { latency: Duration }
KeyRotated โ key rotation completed
Error(msg) โ non-fatal internal error
```
### Key Rotation Flow
```text
Client Server
| |
| <--- KeyRotation(new_pubkey) ---- |
| |
| [both sides now use new key] |
```
### Connection Pool
```text
VCLPool::new(max)
|
โโโ bind("addr") โ ConnectionId(0)
โโโ bind("addr") โ ConnectionId(1)
โโโ bind("addr") โ ConnectionId(2)
|
โโโ connect(id, peer)
โโโ send(id, data)
โโโ recv(id) โ VCLPacket
โโโ ping(id)
โโโ rotate_keys(id)
โโโ close(id)
โโโ close_all()
```
### Fragmentation Flow
```text
send(large_payload)
|
โโโ payload > fragment_size?
| YES โ Fragmenter::split โ [Frag0][Frag1][Frag2]...
| each fragment encrypted + signed separately
| NO โ single Data packet
|
recv()
|
โโโ PacketType::Fragment โ Reassembler::add(frag)
| incomplete โ loop, wait for more fragments
| complete โ return reassembled VCLPacket
โโโ PacketType::Data โ return directly
```
### Flow Control & Congestion Control (v0.5.0)
```text
FlowController (sliding window + AIMD)
|
โโโ can_send() โ effective window has space?
โโโ on_send(seq, data) โ register packet as in-flight
โโโ on_ack(seq) โ remove from window, update RTT (RFC 6298)
โโโ timed_out_packets() โ RetransmitRequest[] with data to resend
โโโ loss_rate() โ f64 packet loss rate
โโโ cwnd() โ current congestion window
โโโ in_slow_start() โ slow start phase active?
AIMD:
No loss โ cwnd += 1/cwnd per ack (additive increase)
Loss โ cwnd = 1, ssthresh /= 2 (multiplicative decrease)
RTO โ doubles on loss, min 50ms, max 60s
```
### WebSocket Transport (v0.5.0)
```text
VCLTransport::bind_ws("addr") โ WebSocketListener
VCLTransport::connect_ws("url") โ WebSocketClient
listener.accept() โ WebSocketServer
All send/recv via binary frames โ same API as TCP/UDP
Works through HTTP proxies and firewalls
```
### Config Presets
```text
VCLConfig::vpn() โ TCP + Reliable (VPN, file transfer)
VCLConfig::gaming() โ UDP + Partial (games, real-time)
VCLConfig::streaming() โ UDP + Unreliable (video, audio)
VCLConfig::auto() โ Auto + Adaptive (recommended default)
```
---
## ๐ Quick Start
### Installation
```bash
```
### Run Demo
```bash
cargo run
```
### Run Tests
```bash
cargo test
```
### Run Benchmarks
```bash
cargo bench
```
### Event Subscription Example
```rust
use vcl_protocol::connection::VCLConnection;
use vcl_protocol::VCLEvent;
#[tokio::main]
async fn main() {
let mut conn = VCLConnection::bind("127.0.0.1:0").await.unwrap();
let mut events = conn.subscribe();
tokio::spawn(async move {
while let Some(event) = events.recv().await {
match event {
VCLEvent::Connected => println!("Connected!"),
VCLEvent::PongReceived { latency } => println!("Latency: {:?}", latency),
VCLEvent::KeyRotated => println!("Keys rotated!"),
VCLEvent::Disconnected => break,
_ => {}
}
}
});
conn.connect("127.0.0.1:8080").await.unwrap();
}
```
### Connection Pool Example
```rust
use vcl_protocol::VCLPool;
#[tokio::main]
async fn main() {
let mut pool = VCLPool::new(10);
let id = pool.bind("127.0.0.1:0").await.unwrap();
pool.connect(id, "127.0.0.1:8080").await.unwrap();
pool.send(id, b"Hello from pool!").await.unwrap();
let packet = pool.recv(id).await.unwrap();
println!("{}", String::from_utf8_lossy(&packet.payload));
pool.close(id).unwrap();
}
```
### Config Preset Example
```rust
use vcl_protocol::connection::VCLConnection;
use vcl_protocol::config::VCLConfig;
#[tokio::main]
async fn main() {
let mut server = VCLConnection::bind_with_config(
"127.0.0.1:8080",
VCLConfig::vpn()
).await.unwrap();
server.accept_handshake().await.unwrap();
let packet = server.recv().await.unwrap();
println!("Received: {}", String::from_utf8_lossy(&packet.payload));
}
```
### WebSocket Example (v0.5.0)
```rust
use vcl_protocol::transport::VCLTransport;
#[tokio::main]
async fn main() {
// Server
let listener = VCLTransport::bind_ws("127.0.0.1:8080").await.unwrap();
let mut server_conn = listener.accept().await.unwrap();
// Client
let mut client = VCLTransport::connect_ws("ws://127.0.0.1:8080").await.unwrap();
client.send_raw(b"hello websocket").await.unwrap();
let (data, _) = server_conn.recv_raw().await.unwrap();
println!("{}", String::from_utf8_lossy(&data));
}
```
### Metrics Example (v0.5.0)
```rust
use vcl_protocol::metrics::VCLMetrics;
let mut m = VCLMetrics::new();
m.record_sent(1024);
m.record_received(512);
m.record_rtt_sample(std::time::Duration::from_millis(42));
println!("Loss rate: {:.2}%", m.loss_rate() * 100.0);
println!("Avg RTT: {:?}", m.avg_rtt());
println!("Throughput sent: {:.0} B/s", m.throughput_sent_bps());
```
---
## ๐ฆ Packet Structure
```rust
pub struct VCLPacket {
pub version: u8, // Protocol version (2)
pub packet_type: PacketType, // Data | Ping | Pong | KeyRotation | Fragment
pub sequence: u64, // Monotonic packet sequence number
pub prev_hash: Vec<u8>, // SHA-256 hash of previous packet
pub nonce: [u8; 24], // XChaCha20 nonce for encryption
pub payload: Vec<u8>, // Decrypted data payload (after recv())
pub signature: Vec<u8>, // Ed25519 signature
}
```
---
## ๐ Benchmarks
Measured on WSL2 Debian, optimized build (`cargo bench`):
| keypair_generate | ~13 ยตs |
| encrypt 64B | ~1.5 ยตs |
| encrypt 16KB | ~12 ยตs |
| decrypt 64B | ~1.4 ยตs |
| decrypt 16KB | ~13 ยตs |
| packet_sign | ~32 ยตs |
| packet_verify | ~36 ยตs |
| packet_serialize | ~0.8 ยตs |
| packet_deserialize | ~1.1 ยตs |
| full pipeline 64B | ~38 ยตs |
| full pipeline 4KB | ~48 ยตs |
---
## ๐ฏ Use Cases
### ๐ฐ Financial Transactions
Immutable audit log of all transactions with cryptographic proof of integrity.
### ๐ฎ Anti-Cheat Systems
Verify integrity of game events and detect tampering in real-time.
### ๐ Audit Logging
Cryptographically proven data integrity for compliance and debugging.
### ๐ Secure Communications
Authenticated, encrypted channel with replay protection and session management.
### ๐ VPN Tunnels
TCP transport + reliable delivery + fragmentation + retransmission โ production-grade transport protocol for VPN infrastructure.
### ๐ Browser Clients
WebSocket transport allows VCL Protocol to work from browsers and through corporate HTTP proxies.
---
## ๐ฌ Technical Details
### Cryptography
- **Hashing:** SHA-256
- **Signatures:** Ed25519
- **Key Exchange:** X25519
- **Encryption:** XChaCha20-Poly1305 (AEAD)
- **Key Generation:** CSPRNG
- **Replay Protection:** Sequence validation + nonce tracking (1000-entry window)
### Transport
- **UDP** โ low latency, default
- **TCP** โ reliable, ordered (VPN mode)
- **WebSocket** โ browser-compatible, HTTP proxy-friendly
- **Runtime:** Tokio async
- **Max Packet Size:** 65535 bytes
- **TCP/WS Framing:** 4-byte big-endian length prefix (TCP), binary frames (WS)
### Fragmentation
- **Threshold:** configurable via `VCLConfig::fragment_size` (default 1200 bytes)
- **Out-of-order reassembly:** supported
- **Duplicate fragments:** silently ignored
- **Max pending messages:** 256 (configurable)
### Flow Control & Congestion Control (v0.5.0)
- **Algorithm:** Sliding window + AIMD
- **Slow start:** exponential cwnd growth until ssthresh
- **Congestion avoidance:** additive increase 1/cwnd per ack
- **Loss response:** cwnd = 1, ssthresh halved, back to slow start
- **RTT estimation:** RFC 6298 (SRTT + RTTVAR)
- **RTO:** dynamic, doubles on loss, min 50ms, max 60s
### Retransmission (v0.5.0)
- `timed_out_packets()` returns `RetransmitRequest { sequence, data, retransmit_count }`
- Data payload stored in-flight for retransmission
- Exponential backoff on repeated loss
### Metrics (v0.5.0)
- `VCLMetrics` tracks: bytes, packets, retransmits, drops, RTT, cwnd, throughput, uptime
- RTT and cwnd sliding windows of 64 samples
- `merge()` for pool-level aggregation
### Serialization
- **Format:** Bincode
- **Efficiency:** Minimal overhead, fast serialization
### Dependencies
- `ed25519-dalek` โ Ed25519 signatures
- `x25519-dalek` โ X25519 key exchange
- `chacha20poly1305` โ XChaCha20-Poly1305 AEAD encryption
- `sha2` โ SHA-256 hashing
- `tokio` โ Async runtime
- `tokio-tungstenite` โ WebSocket transport
- `futures-util` โ async stream utilities
- `serde` + `bincode` โ Serialization
- `tracing` โ Structured logging
- `tracing-subscriber` โ Log output
---
## ๐ ๏ธ Development
```bash
cargo test # Run all tests (113/113)
cargo test --lib # Unit tests only
cargo test --test integration_test # Integration tests only
cargo bench # Run benchmarks
cargo run --example server # Run example server
cargo run --example client # Run example client
cargo fmt # Format code
cargo clippy # Linting
cargo build --release # Release build
cargo doc --open # Generate and open docs locally
```
---
## ๐ License
MIT License โ see [LICENSE](LICENSE) file for details.
---
## ๐ค Author
**ultrakill148852-collab** โ Creator of the VCL Protocol
GitHub: [@ultrakill148852-collab](https://github.com/ultrakill148852-collab)
---
## ๐ Acknowledgments
- **Ed25519** โ Fast and secure cryptography
- **X25519** โ Efficient elliptic-curve key exchange
- **XChaCha20-Poly1305** โ Modern authenticated encryption
- **Tokio** โ Asynchronous runtime for Rust
- **Rust** โ The language that makes the impossible possible
---
<div align="center">
**Made with โค๏ธ using Rust**
[โฌ๏ธ Back to top](#vcl-protocol)
</div>