diff --git a/Cargo.lock b/Cargo.lock index c1c7cb4..17915c9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -242,6 +242,8 @@ dependencies = [ name = "aura-proto" version = "0.1.0" dependencies = [ + "anyhow", + "async-trait", "aura-crypto", "aura-pki", "bincode", @@ -281,9 +283,9 @@ name = "aura-tunnel" version = "0.1.0" dependencies = [ "anyhow", + "async-trait", "aura-crypto", "aura-proto", - "aura-transport", "bytes", "hickory-resolver", "ipnetwork", diff --git a/crates/aura-proto/Cargo.toml b/crates/aura-proto/Cargo.toml index 9906110..6c2e0fe 100644 --- a/crates/aura-proto/Cargo.toml +++ b/crates/aura-proto/Cargo.toml @@ -26,6 +26,8 @@ x509-parser.workspace = true # The handshake and session are async over tokio::io::{AsyncRead, AsyncWrite}, so tokio must be a # normal dependency (available via the workspace `full` feature set), not only a dev-dependency. tokio.workspace = true +async-trait.workspace = true +anyhow.workspace = true [dev-dependencies] tokio.workspace = true diff --git a/crates/aura-proto/src/conn.rs b/crates/aura-proto/src/conn.rs new file mode 100644 index 0000000..1eb0af8 --- /dev/null +++ b/crates/aura-proto/src/conn.rs @@ -0,0 +1,23 @@ +//! The full-duplex packet-connection abstraction shared by the transport and the tunnel router. +//! +//! [`PacketConnection`] is the seam between `aura-transport` (which carries packets over a +//! QUIC-backed [`crate::Session`]) and `aura-tunnel`'s router. The router reads IP packets from the +//! TUN device and `send_packet`s the ones routed through the VPN, while a second task `recv_packet`s +//! decrypted IP packets to write back to the TUN. The methods take `&self` (not `&mut self`) so a +//! single connection can be shared — e.g. behind `Arc` — across the concurrent +//! send and receive tasks. +//! +//! It lives in `aura-proto` (rather than `aura-transport`) so that `aura-tunnel` depends only on +//! this stable contract and not on the transport crate, keeping the two independently buildable. + +use async_trait::async_trait; + +/// A bidirectional, encrypted packet pipe to the peer (one IP packet per call). +#[async_trait] +pub trait PacketConnection: Send + Sync { + /// Encrypt and send one IP packet to the peer. + async fn send_packet(&self, packet: &[u8]) -> anyhow::Result<()>; + + /// Receive and decrypt one IP packet from the peer. Returns the plaintext IP packet. + async fn recv_packet(&self) -> anyhow::Result>; +} diff --git a/crates/aura-proto/src/lib.rs b/crates/aura-proto/src/lib.rs index b97fd7a..5b047d9 100644 --- a/crates/aura-proto/src/lib.rs +++ b/crates/aura-proto/src/lib.rs @@ -41,13 +41,15 @@ #![forbid(unsafe_code)] #![warn(missing_docs)] +pub mod conn; pub mod frame; pub mod handshake; pub mod session; +pub use conn::PacketConnection; pub use frame::{Frame, MsgType}; pub use handshake::{client_handshake, server_handshake}; -pub use session::Session; +pub use session::{Session, SessionReceiver, SessionSender}; use thiserror::Error; diff --git a/crates/aura-transport/src/conn.rs b/crates/aura-transport/src/conn.rs deleted file mode 100644 index 8f8096b..0000000 --- a/crates/aura-transport/src/conn.rs +++ /dev/null @@ -1,20 +0,0 @@ -//! The transport's full-duplex packet-connection abstraction. -//! -//! [`PacketConnection`] is the seam between this crate (QUIC transport + the post-handshake -//! `aura_proto::Session`) and `aura-tunnel`'s router. The router reads IP packets from the TUN -//! device and `send_packet`s the ones routed through the VPN, while a second task `recv_packet`s -//! decrypted IP packets to write back to the TUN. The methods take `&self` (not `&mut self`) so a -//! single connection can be shared — e.g. behind `Arc` — across the -//! concurrent send and receive tasks. - -use async_trait::async_trait; - -/// A bidirectional, encrypted packet pipe to the peer (one IP packet per call). -#[async_trait] -pub trait PacketConnection: Send + Sync { - /// Encrypt and send one IP packet to the peer. - async fn send_packet(&self, packet: &[u8]) -> anyhow::Result<()>; - - /// Receive and decrypt one IP packet from the peer. Returns the plaintext IP packet. - async fn recv_packet(&self) -> anyhow::Result>; -} diff --git a/crates/aura-transport/src/lib.rs b/crates/aura-transport/src/lib.rs index 848e7e7..552888c 100644 --- a/crates/aura-transport/src/lib.rs +++ b/crates/aura-transport/src/lib.rs @@ -1,9 +1,4 @@ -//! aura-transport — QUIC transport, HTTPS/H3 traffic mimicry, and the packet-connection seam. +//! aura-transport — QUIC transport and HTTPS/H3 traffic mimicry (skeleton; implemented in Wave 3). //! -//! Implemented in Wave 3. This file currently pins the cross-crate [`PacketConnection`] contract -//! consumed by `aura-tunnel`'s router; the QUIC endpoint (quinn), mimicry, and padding land -//! alongside it in the `quic`, `mimicry`, and `padding` modules. - -pub mod conn; - -pub use conn::PacketConnection; +//! Implements `aura_proto::PacketConnection` over a QUIC-carried `aura_proto::Session`, and provides +//! the quinn endpoint setup (`quic`), mimicry (`mimicry`), and packet padding (`padding`). diff --git a/crates/aura-tunnel/Cargo.toml b/crates/aura-tunnel/Cargo.toml index d7103d1..5304acc 100644 --- a/crates/aura-tunnel/Cargo.toml +++ b/crates/aura-tunnel/Cargo.toml @@ -6,9 +6,9 @@ license.workspace = true description = "Aura tunnel: cross-platform TUN, split-tunnel routing, DNS" [dependencies] -aura-transport.workspace = true aura-proto.workspace = true aura-crypto.workspace = true +async-trait.workspace = true tokio.workspace = true bytes.workspace = true ipnetwork.workspace = true