Struct SkippableFrame 

pub struct SkippableFrame { /* private fields */ }

Available on crate feature lsm only.

A typed skippable-frame value.

Construct via SkippableFrame::new (validates the variant bound and payload size up front) or SkippableFrame::decode_from. Round-trip a frame via SkippableFrame::encode_into.

Implementations

impl SkippableFrame

pub fn new( magic_variant: u8, payload: Vec<u8>, ) -> Result<Self, SkippableFrameError>

Build a SkippableFrame from its components. Validates:

• magic_variant <= 15 (SkippableFrameError::InvalidMagicVariant).
• payload.len() <= u32::MAX as usize (SkippableFrameError::PayloadTooLarge) — unreachable on 32-bit and smaller targets but enforced uniformly so 64-bit callers cannot smuggle through an overlong payload.

pub fn magic_variant(&self) -> u8

The 4-bit variant nibble. Combined with SKIPPABLE_MAGIC_START to form the on-wire magic number (magic = START + variant).

pub fn magic_number(&self) -> u32

Full 32-bit magic number this frame serialises with.

pub fn payload(&self) -> &[u8]

Payload bytes carried by the frame (without the 8-byte header).

pub fn into_payload(self) -> Vec<u8>

Move the payload out, consuming the frame.

pub fn serialized_size(&self) -> usize

Total serialised size of this frame on the wire: payload.len() + 8 (8 = 4-byte magic + 4-byte length).

pub fn encode_into<W: Write>(&self, writer: &mut W) -> Result<(), Error>

Serialise this frame into writer. Writes serialized_size() bytes total: 4-byte magic LE, 4-byte length LE, payload bytes.

pub fn decode_from<R: Read>( reader: &mut R, ) -> Result<Self, DecodeSkippableFrameError>

Read one skippable frame from reader. Consumes 4-byte magic + 4-byte length + length payload bytes. The caller is responsible for positioning the reader at a frame boundary; this method does not scan past unknown content.

Three layers of protection against crafted-length DoS:

1. Validates that length is representable on the target pointer width (length + SKIPPABLE_HEADER_SIZE must not overflow usize). On 32-bit targets a wire length near u32::MAX would otherwise overflow serialized_size() and write_skippable_frame_to. Returns DecodeSkippableFrameError::PayloadTooLarge up front.

2. Reserves the address space via Vec::try_reserve_exact, converting alloc-failure into typed DecodeSkippableFrameError::AllocationFailed instead of process abort.

3. Reads the payload in fixed-size chunks via a stack scratch buffer, so the OS only commits pages for bytes the reader actually delivers. A crafted length near u32::MAX on a reader that terminates early surfaces as DecodeSkippableFrameError::Payload without ever committing the full allocation — on OSes with memory overcommit (Linux default) where step 2 would otherwise succeed for any nominal size, this is what makes the “no abort on huge length” guarantee actually reliable.

Callers handling untrusted streams should additionally cap the acceptable payload size at the application layer; this method itself imposes no upper bound beyond the wire-format u32::MAX plus target-representability.

Trait Implementations

impl Clone for SkippableFrame

fn clone(&self) -> SkippableFrame

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for SkippableFrame

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl PartialEq for SkippableFrame

fn eq(&self, other: &SkippableFrame) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Eq for SkippableFrame

impl StructuralPartialEq for SkippableFrame