Skip to main content

OverlayTransport

zlayer_overlay::transport

Struct OverlayTransport 

Source 
pub struct OverlayTransport { /* private fields */ }
Expand description

Encrypted overlay transport layer.

Uses boringtun (userspace WireGuard) to create TUN-based encrypted tunnels. No kernel WireGuard module required.

Important: This struct holds the boringtun DeviceHandle (or, on Windows, the Wintun adapter + spawned loop tasks). Dropping the struct tears down the TUN device. Callers must keep this struct alive for the entire overlay network lifetime.

Implementations§

Source§

impl OverlayTransport

Source

pub fn new(config: OverlayConfig, interface_name: String) -> Self

Create a new overlay transport (device is not started yet).

Source

pub fn interface_name(&self) -> &str

Get the resolved interface name.

On macOS, this returns the kernel-assigned utunN name after [create_interface] has been called. Before that, it returns the name passed to [new].

Source

pub async fn create_interface(&mut self) -> Result<(), Box<dyn Error>>

Create the TUN interface.

On Linux/macOS this spawns boringtun worker threads that manage the TUN device. On Windows it instantiates a Wintun adapter (no boringtun threads — the Windows packet loop is driven directly via boringtun::noise::Tunn in a follow-up task; today this only stands the adapter up so IP configuration can run).

The device is torn down when this struct is dropped (or [shutdown] is called).

On Linux, creates a named TUN interface (requires CAP_NET_ADMIN). On macOS, creates a kernel-assigned utunN interface (requires sudo). On Windows, creates a Wintun adapter (requires Administrator and wintun.dll on disk — see [crate::tun::windows]).

§Errors

Returns an error if the TUN device cannot be created or required privileges are unavailable.

Source

pub async fn configure( &mut self, peers: &[PeerInfo], ) -> Result<(), Box<dyn Error>>

Configure the transport with private key, listen port, and peers.

On Linux/macOS this writes the WireGuard configuration via UAPI to boringtun’s per-interface socket, then assigns the overlay IP and brings the interface up via [InterfaceOps].

On Windows this binds the UDP listener, creates a boringtun::noise::Tunn instance for each configured peer, spawns the ingress / egress / timers tasks that drive the noise protocol against the Wintun adapter, and configures the IP layer.

§Errors

On Linux/macOS, returns an error if UAPI configuration or IP assignment fails. On Windows, returns an error if the Wintun adapter is missing, the UDP socket cannot be bound, key decoding fails, or the IP layer cannot be configured.

Source

pub async fn add_peer(&self, peer: &PeerInfo) -> Result<(), Box<dyn Error>>

Add a peer dynamically.

On Linux/macOS this writes to boringtun’s UAPI socket. On Windows it returns an error until the per-peer boringtun::noise::Tunn map is wired (Phase D3.x).

§Errors

Returns an error if the key conversion or UAPI command fails on Linux/macOS, or always on Windows (until the packet loop lands).

Source

pub async fn remove_peer(&self, public_key: &str) -> Result<(), Box<dyn Error>>

Remove a peer.

On Linux/macOS this writes to boringtun’s UAPI socket. On Windows it returns an error until the per-peer boringtun::noise::Tunn map is wired (Phase D3.x).

§Errors

Returns an error if the key conversion or UAPI command fails on Linux/macOS, or always on Windows (until the packet loop lands).

Source

pub async fn status(&self) -> Result<String, Box<dyn Error>>

Query interface status.

On Linux/macOS this reads boringtun’s UAPI socket. On Windows it returns an error until the packet loop lands (since there is no running WireGuard stack to query yet).

§Errors

Returns an error if the UAPI query fails on Linux/macOS, or always on Windows.

Source

pub async fn generate_keys() -> Result<(String, String), Box<dyn Error>>

Generate an overlay keypair using native Rust crypto (x25519-dalek).

No external binary is required. Returns (private_key, public_key) in base64 encoding.

§Errors

This method currently always succeeds but returns Result for API consistency.

Source

pub fn shutdown(&mut self)

Shut down the overlay transport, destroying the TUN device.

On Linux/macOS this takes the boringtun DeviceHandle and drops it, which triggers boringtun’s cleanup logic (signal exit + join worker threads + remove socket).

On Windows it takes the Wintun adapter handle and drops it, which ends the session and removes the adapter from the Windows device tree.

Trait Implementations§

Source§

impl Drop for OverlayTransport

Source§

fn drop(&mut self)

Executes the destructor for this type. Read more
Source§

fn pin_drop(self: Pin<&mut Self>)

🔬This is a nightly-only experimental API. (pin_ergonomics)
Execute the destructor for this type, but different to Drop::drop, it requires self to be pinned. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more