docs.rs failed to build wireguard-embed-1.0.0
Please check the build logs for more information.
See Builds for ideas on how to fix a failed build, or Metadata for how to configure docs.rs builds.
If you believe this is docs.rs' fault, open an issue.
Please check the build logs for more information.
See Builds for ideas on how to fix a failed build, or Metadata for how to configure docs.rs builds.
If you believe this is docs.rs' fault, open an issue.
wireguard-embed: a std + alloc driver around the
[wireguard_sans_io] no_std core, giving you BoringTun-style
ergonomics (built-in clock, OS RNG, rate limiter, packet queue) while
every byte on the wire still comes from the panic-free,
zero-unsafe core.
What this crate adds on top of the core
| Concern | wireguard-sans-io core |
this crate |
|---|---|---|
| clock | caller passes [Now] |
reads Instant/SystemTime |
| entropy | caller passes &mut dyn EntropySource |
OS RNG via getrandom |
rate limit / under_load |
caller decides | built-in [RateLimiter] (BoringTun heuristic) |
| packet queue while no session | caller retries | internal VecDeque, drained on completion |
| padding trim on receive | caller calls ip_packet_len |
done for you |
remote cookie binding |
caller encodes | SocketAddr → fixed 18-byte encoding |
| buffer management | caller-provided slices | [SlabPool] + RAII [PooledBuf]: bounded freelist of Box<[u8]> slabs (stable address ⇒ io_uring/RIO-ready); steady-state data path is allocation-free |
| async runtime | n/a | feature async: tokio::AsyncTunn — select! loop over UdpSocket + next_wake() + two mpsc<PooledBuf> channels for the TUN side |
SIMD
[Tunn] always uses [Backend] = [simd::Best] for the transport
ChaCha20 keystream — AVX2 8-way on x86_64, NEON 4-way on aarch64,
the scalar path elsewhere. The core stays
#![forbid(unsafe_code)]; all unsafe is confined to the
wireguard-chacha-simd crate and validated against the scalar
oracle. To pin a specific backend, construct
[Tunnel]<C>::with_backend directly via the core API.
API shape (BoringTun-compatible-ish)
let mut tunn = Tunn::new(static_private, peer_public, None, None, rate_limiter);
match tunn.encapsulate(ip_packet, &mut dst) { ... }
match tunn.decapsulate(Some(src_addr), datagram, &mut dst) { ... }
match tunn.update_timers(&mut dst) { ... } // call once/sec, or:
let wake = tunn.next_wake(); // sleep exactly
Dropping back to the core API for anything this layer doesn't expose:
[Tunn::core] / [Tunn::core_mut].