zamsync-network 1.3.0

TCP and mTLS transport for the ZamSync distributed sync engine
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223

use super::frame::MAX_FRAME_SIZE;
use std::io::{ErrorKind, Read};
use zamsync_core::{ZamError, ZamResult};
use zstd;

/// Per-connection receive buffer.
///
/// The 50ms `read_timeout` on TCP sockets is used to poll multiple peers without
/// blocking forever, but it means a `read_exact` inside `read_frame` can be
/// interrupted mid-frame on very slow links (e.g. 3 KB/s). When that happens
/// the partial bytes that were already pulled from the kernel buffer are lost,
/// which shifts every subsequent frame by some number of bytes and breaks the
/// length-prefix framing entirely.
///
/// `FrameBuffer` fixes this by accumulating all received bytes in `buf` and
/// only returning a complete frame once enough bytes are present. Partial reads
/// due to timeout just leave bytes in the buffer for the next poll cycle.
pub struct FrameBuffer {
    buf: Vec<u8>,
}

impl Default for FrameBuffer {
    fn default() -> Self {
        Self::new()
    }
}

impl FrameBuffer {
    pub fn new() -> Self {
        Self { buf: Vec::new() }
    }

    /// Try to return one complete decoded frame.
    ///
    /// Reads as many bytes as the stream offers (stopping on `WouldBlock` or
    /// `TimedOut`), then checks whether the accumulated buffer contains a full
    /// length-prefixed frame.
    ///
    /// Returns:
    /// * `Ok(Some(payload))` -- a complete, decompressed frame is ready.
    /// * `Ok(None)` -- not enough bytes yet; call again after the next read opportunity.
    /// * `Err(_)` -- a real I/O or protocol error occurred.
    pub fn try_read_frame(&mut self, stream: &mut impl Read) -> ZamResult<Option<Vec<u8>>> {
        // Fast path: if the buffer already holds a complete frame, return it
        // without touching the stream at all. This handles the case where a
        // previous read delivered two frames in one syscall.
        if let Some(frame) = self.try_consume_frame()? {
            return Ok(Some(frame));
        }

        // Drain whatever bytes the stream has right now into our buffer.
        let mut tmp = [0u8; 8192];
        let mut got_new_bytes = false;
        loop {
            match stream.read(&mut tmp) {
                Ok(0) => {
                    // The peer sent us EOF (connection closed cleanly).
                    // Only treat it as a real EOF if we received no new bytes
                    // in this call. If we did receive some bytes and *then*
                    // got Ok(0), the OS drained the kernel buffer -- we process
                    // what we have and let the next poll see another Ok(0).
                    if !got_new_bytes {
                        return Err(ZamError::Io(std::io::Error::new(
                            ErrorKind::UnexpectedEof,
                            "connection closed by peer",
                        )));
                    }
                    break;
                }
                Ok(n) => {
                    self.buf.extend_from_slice(&tmp[..n]);
                    got_new_bytes = true;
                }
                Err(e) if e.kind() == ErrorKind::WouldBlock || e.kind() == ErrorKind::TimedOut => {
                    // Nothing more to read right now -- stop draining.
                    break;
                }
                Err(e) => return Err(ZamError::Io(e)),
            }
        }

        // Check the buffer again after draining.
        self.try_consume_frame()
    }

    /// Attempt to extract and decode one complete frame from `self.buf`.
    /// Returns `Ok(None)` if fewer than `4 + total_len` bytes are present.
    fn try_consume_frame(&mut self) -> ZamResult<Option<Vec<u8>>> {
        // Check whether we have accumulated a full frame.
        // Wire format: [4 bytes big-endian u32 = total_len] [1 byte flag] [body]
        if self.buf.len() < 4 {
            return Ok(None);
        }
        let total_len =
            u32::from_be_bytes([self.buf[0], self.buf[1], self.buf[2], self.buf[3]]) as usize;

        if total_len == 0 {
            // Empty frame -- consume the 4-byte header and return an empty payload.
            self.buf.drain(..4);
            return Ok(Some(vec![]));
        }

        if total_len as u64 > MAX_FRAME_SIZE as u64 {
            return Err(ZamError::Protocol(format!(
                "received frame too large: {} bytes (max {})",
                total_len, MAX_FRAME_SIZE
            )));
        }

        let frame_end = 4 + total_len;
        if self.buf.len() < frame_end {
            // Not enough bytes yet -- wait for more.
            return Ok(None);
        }

        // We have a complete frame; decode it.
        let flag = self.buf[4];
        let body = self.buf[5..frame_end].to_vec();
        self.buf.drain(..frame_end);

        const FLAG_RAW: u8 = 0x00;
        const FLAG_ZSTD: u8 = 0x01;

        let payload = match flag {
            FLAG_RAW => body,
            FLAG_ZSTD => zstd::decode_all(body.as_slice())
                .map_err(|e| ZamError::Protocol(format!("zstd decompress: {e}")))?,
            other => {
                return Err(ZamError::Protocol(format!(
                    "unknown frame flag: 0x{other:02x}"
                )))
            }
        };

        Ok(Some(payload))
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::protocol::frame::write_frame;
    use std::io::Cursor;

    fn make_frame(payload: &[u8]) -> Vec<u8> {
        let mut buf = Vec::new();
        write_frame(&mut buf, payload).unwrap();
        buf
    }

    #[test]
    fn test_complete_frame_at_once() {
        let payload = b"hello from bhutan";
        let wire = make_frame(payload);
        let mut fb = FrameBuffer::new();
        // Simulate one big read delivering everything.
        let result = fb.try_read_frame(&mut Cursor::new(&wire)).unwrap();
        assert_eq!(result, Some(payload.to_vec()));
        // Buffer should be empty now.
        assert!(fb.buf.is_empty());
    }

    #[test]
    fn test_two_frames_back_to_back() {
        let wire1 = make_frame(b"frame-one");
        let wire2 = make_frame(b"frame-two");
        let mut combined = wire1.clone();
        combined.extend_from_slice(&wire2);

        let mut fb = FrameBuffer::new();
        let r1 = fb.try_read_frame(&mut Cursor::new(&combined)).unwrap();
        assert_eq!(r1, Some(b"frame-one".to_vec()));
        // The second frame's bytes are still in fb.buf -- calling with an
        // empty reader should return the second frame from buffered data.
        let r2 = fb.try_read_frame(&mut Cursor::new(&[])).unwrap();
        assert_eq!(r2, Some(b"frame-two".to_vec()));
    }

    #[test]
    fn test_partial_header_returns_none() {
        let wire = make_frame(b"some data");
        let partial = &wire[..2]; // only 2 of the 4 header bytes
        let mut fb = FrameBuffer::new();
        let result = fb.try_read_frame(&mut Cursor::new(partial)).unwrap();
        assert!(result.is_none());
        assert_eq!(fb.buf.len(), 2);
    }

    #[test]
    fn test_partial_body_returns_none() {
        let wire = make_frame(b"some longer payload that has many bytes");
        let partial = &wire[..wire.len() - 5]; // missing last 5 bytes
        let mut fb = FrameBuffer::new();
        let result = fb.try_read_frame(&mut Cursor::new(partial)).unwrap();
        assert!(result.is_none());
        // Bytes are preserved in the buffer.
        assert_eq!(fb.buf.len(), partial.len());
    }

    #[test]
    fn test_split_delivery_reassembles_frame() {
        let payload = b"patient-record-from-rural-bhutan";
        let wire = make_frame(payload);
        let mid = wire.len() / 2;

        let mut fb = FrameBuffer::new();
        // First half -- should return None.
        let r1 = fb.try_read_frame(&mut Cursor::new(&wire[..mid])).unwrap();
        assert!(r1.is_none());
        // Second half -- should now return the full frame.
        let r2 = fb.try_read_frame(&mut Cursor::new(&wire[mid..])).unwrap();
        assert_eq!(r2, Some(payload.to_vec()));
    }

    #[test]
    fn test_empty_reader_on_empty_buffer_is_eof() {
        let mut fb = FrameBuffer::new();
        // Empty buffer + reader returning Ok(0) = peer closed the connection.
        // This is how the sync session's graceful-close loop detects the end.
        let result = fb.try_read_frame(&mut Cursor::new(&[]));
        assert!(matches!(result, Err(ZamError::Io(_))));
    }
}