
Trait FreelistProtection 

pub trait FreelistProtection {
    // Required methods
    fn sign(&self, next_idx: u32, slot_addr: usize) -> u32;
    fn verify(
        &self,
        next_idx: u32,
        stored_mac: u32,
        slot_addr: usize,
    ) -> Result<(), FreelistCorruption>;
}

Pluggable integrity policy for slab freelists.

sign produces a 32-bit MAC over the (next_idx, slot_addr) pair; verify recomputes and compares. Implementations must be deterministic with respect to their internal key — calling sign twice with the same inputs must yield the same MAC.

Required Methods

fn sign(&self, next_idx: u32, slot_addr: usize) -> u32

Sign a freelist link. next_idx is the 1-based slot index being stored, or 0 for the end-of-list sentinel (so the input range is 0..=u32::MAX). slot_addr is the virtual address of the slot containing the link (used as a nonce so that a copy of a freelist link to a different slot won’t verify).

fn verify(
    &self,
    next_idx: u32,
    stored_mac: u32,
    slot_addr: usize,
) -> Result<(), FreelistCorruption>

Verify a stored MAC. Returns Ok(()) on a valid link, Err(FreelistCorruption) on a mismatch.
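The following is an added, self-contained example (not code from this crate) showing the contract described above: a keyed-hash implementation of the trait, a toy slab that stores each link with its tag and verifies it before following it, and the properties the docs promise (determinism, and rejection of a link copied to another slot or with an altered next_idx). FreelistCorruption, NoProtection and KeyedMac are assumed shapes defined here for the demo; KeyedMac is an illustrative stand-in for the crate's SipHashMAC built on std's DefaultHasher with a prefixed key, not the crate's implementation, and the base address, slot size and key values are constructed.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::Hasher;

/// Stand-in for the crate's error type (assumed shape; the real one lives in the crate).
#[derive(Debug, PartialEq, Eq)]
pub struct FreelistCorruption;

/// The trait as documented on this page.
pub trait FreelistProtection {
    fn sign(&self, next_idx: u32, slot_addr: usize) -> u32;
    fn verify(&self, next_idx: u32, stored_mac: u32, slot_addr: usize) -> Result<(), FreelistCorruption>;
}

/// No integrity checking: every stored tag is 0 and every link verifies (assumed behaviour).
pub struct NoProtection;

impl FreelistProtection for NoProtection {
    fn sign(&self, _next_idx: u32, _slot_addr: usize) -> u32 { 0 }
    fn verify(&self, _n: u32, _m: u32, _a: usize) -> Result<(), FreelistCorruption> { Ok(()) }
}

/// Keyed-hash policy, an illustrative stand-in for the crate's `SipHashMAC` (not its code):
/// a secret 128-bit key is absorbed first, then (next_idx, slot_addr), and the 64-bit digest
/// of std's hasher is truncated to the 32-bit tag the trait returns.
pub struct KeyedMac { key: [u64; 2] }

impl KeyedMac {
    pub fn new(key: [u64; 2]) -> Self { Self { key } }

    fn tag(&self, next_idx: u32, slot_addr: usize) -> u32 {
        let mut h = DefaultHasher::new();
        h.write_u64(self.key[0]);
        h.write_u64(self.key[1]);
        h.write_u32(next_idx);
        // slot_addr is the nonce: the same link copied to another slot yields a different tag.
        h.write_u64(slot_addr as u64);
        h.finish() as u32
    }
}

impl FreelistProtection for KeyedMac {
    fn sign(&self, next_idx: u32, slot_addr: usize) -> u32 { self.tag(next_idx, slot_addr) }
    fn verify(&self, next_idx: u32, stored_mac: u32, slot_addr: usize) -> Result<(), FreelistCorruption> {
        if self.tag(next_idx, slot_addr) == stored_mac { Ok(()) } else { Err(FreelistCorruption) }
    }
}

/// Toy slab with 1-based slot indices and 0 as the end-of-list sentinel, matching the trait.
/// Each slot stores its raw `next_idx` alongside the tag computed when the link was written.
pub struct Slab<P: FreelistProtection> {
    base: usize,            // constructed base address of slot 1
    slot_size: usize,
    links: Vec<(u32, u32)>, // (next_idx, stored_mac) for slot i+1
    head: u32,              // first free slot, 0 when empty
    policy: P,
}

impl<P: FreelistProtection> Slab<P> {
    fn slot_addr(&self, idx: u32) -> usize { self.base + (idx as usize - 1) * self.slot_size }

    pub fn new(nslots: u32, base: usize, slot_size: usize, policy: P) -> Self {
        let mut slab = Slab { base, slot_size, links: Vec::new(), head: 1, policy };
        for idx in 1..=nslots {
            let next = if idx == nslots { 0 } else { idx + 1 };
            let mac = slab.policy.sign(next, slab.slot_addr(idx));
            slab.links.push((next, mac));
        }
        slab
    }

    /// Pop the head slot. The stored link is verified before it is followed, so a corrupted
    /// next pointer is reported instead of becoming the new head.
    pub fn pop(&mut self) -> Result<Option<u32>, FreelistCorruption> {
        if self.head == 0 { return Ok(None); }
        let idx = self.head;
        let (next, mac) = self.links[idx as usize - 1];
        self.policy.verify(next, mac, self.slot_addr(idx))?;
        self.head = next;
        Ok(Some(idx))
    }

    /// Simulate a memory-safety bug that overwrites a slot's raw next pointer but not its tag.
    pub fn corrupt_next(&mut self, idx: u32, bogus_next: u32) { self.links[idx as usize - 1].0 = bogus_next; }
}

/// Properties from the trait docs, checked with a constructed key and addresses:
/// [deterministic, valid link accepted, link copied to another slot rejected, altered next_idx rejected]
pub fn mac_properties() -> [bool; 4] {
    let mac = KeyedMac::new([0x0123_4567_89ab_cdef, 0xfedc_ba98_7654_3210]); // constructed key
    let tag = mac.sign(5, 0x1000);
    [
        tag == mac.sign(5, 0x1000),
        mac.verify(5, tag, 0x1000).is_ok(),
        mac.verify(5, tag, 0x1040).is_err(),
        mac.verify(6, tag, 0x1000).is_err(),
    ]
}

fn main() {
    println!("properties: {:?}", mac_properties());
    let mut slab = Slab::new(3, 0x10_0000, 64, KeyedMac::new([1, 2]));
    println!("pop 1: {:?}", slab.pop());
    slab.corrupt_next(2, 99);
    println!("pop after corruption: {:?}", slab.pop());
}
```

With NoProtection the same corruption goes unnoticed: pop returns slot 2 and installs 99 as the new head, which is the out-of-bounds link the keyed policy refuses to follow. Note that std's DefaultHasher algorithm is not guaranteed stable across Rust versions, so a real policy should pin its MAC primitive (as the crate's SipHashMAC does) rather than rely on the standard hasher.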

Dyn Compatibility

This trait is dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety".

Implementors

impl FreelistProtection for NoProtection


impl FreelistProtection for SipHashMAC

Available on crate feature siphasher only.