//! Safe Rust wrapper for the Windows Host Compute Network Service (HCN v2).
//!
//! HCN is the networking half of the Windows container stack — companion to
//! the Host Compute Service (HCS). The underlying surface lives in
//! `computenetwork.dll`. This crate wraps those raw calls with RAII handle
//! types, async-ready helpers around the synchronous HCN API, JSON schema
//! types matching `hcsshim/hcn` v2, and high-level `NetAttacher`-friendly
//! abstractions for attaching containers to networks via HCN namespaces.
//!
//! The crate is Windows-only. On every other platform it compiles to an
//! empty stub so callers can depend on it unconditionally.
//!
//! # `unsafe` policy
//!
//! This crate is the authoritative Windows HCN FFI boundary for `ZLayer`. It
//! exists specifically to wrap the unsafe `computenetwork.dll` entry points
//! behind safe, typed Rust APIs, so `unsafe` is allowed at the crate level
//! here even though the workspace-wide policy (`-W unsafe-code`) forbids it
//! everywhere else. Every `unsafe` block, `unsafe impl`, `unsafe fn`, and
//! `unsafe` method in this crate carries a `SAFETY:` comment explaining why
//! the required invariants hold — do not add a new `unsafe` site without one.
// FFI-boundary lints: this crate's entire job is marshaling data into raw
// pointers for the HCN C ABI. We take `&mut x` / `&x` borrows and hand
// them to `Hcn*` entry points that take `*mut T` / `*const T`; we cast
// between related pointer shapes (e.g. the stable `*const c_void` alias
// in `handle.rs` vs the `*mut c_void` out-params HCN returns); and we
// navigate `GetAdaptersAddresses`'s variable-length IP_ADAPTER_ADDRESSES_LH
// linked list by casting from `*const u8` after byte-offset arithmetic.
// Each site is inside an `unsafe` block with a `SAFETY:` comment; the
// workspace-wide policy for these lints remains in force everywhere else.