xah30/AuraVPN
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fe618b839d7c4e56907d93c8a476eea4a9fbea80
AuraVPN/crates/aura-cli/src/lib.rs
T
xah30 fe618b839d feat(cli): v3.1 multi-hop runtime — circuit client + relay rendezvous 
Completes v3.1 multi-hop / onion routing (2 hops: client → entry-relay →
exit-server). Combined with the scaffold commit (6c14c0d), the property
holds: entry-relay knows the client IP + client_id but cannot decrypt the
data; exit knows the destination but sees the relay's IP as source.

- aura-cli::circuit: dial_circuit(&[entry, exit], proto_cfg, udp_opts) →
  CircuitConnection. Connects to entry as a normal UdpClient, sends an
  ExtendBridge control envelope, awaits CircuitReady, then runs a SECOND
  Aura handshake to the exit through a local loopback UDP proxy — the
  forwarder ferries datagrams between that proxy socket and the outer
  relay PacketConnection. The inner handshake therefore authenticates the
  EXIT cert (verified by the integration test asserting
  circuit.peer_id() == "localhost-exit"); the relay never sees the inner
  session keys.
- aura-cli::relay: rendezvous(conn, whitelist) -> Bridged{bridge} |
  Fallback{first_pkt} | Refused. 2-second window after handshake to receive
  ExtendBridge. Whitelist enforced; CircuitFailed on miss. Empty whitelist
  logs a warning and runs open. Timeout / non-control → Fallback so the
  same server can be both relay (for circuit clients) and exit (for direct
  clients) simultaneously.
- aura-cli::client: when [client.circuit] enabled → dial_circuit; falls
  back to normal aura_transport::dial when disabled.
- aura-cli::server: relay rendezvous wired before pool/CRL/router path.
  run_bridge spawns two forwarder tasks (conn↔bridge UDP socket).
- 3 integration tests: end-to-end (with peer_id assertion), whitelist
  rejection, back-compat (relay disabled → Err). 3 unit tests in relay.rs.

Workspace: 253 tests passed (247 baseline + 6 new), clippy -D warnings clean,
fmt clean. No new workspace deps. All 28 tracked tasks (v1 + v2 + v3.1) now
complete.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-27 13:16:07 +03:00

33 lines
1.1 KiB
Rust
Raw Blame History

//! `aura-cli` library surface.
//!
//! The `aura` binary ([`main`](../main/index.html)) is a thin clap parser + dispatcher over the
//! modules exposed here. They are public so the crate's integration tests (in `tests/`, which
//! compile as separate crates) can drive the PKI handlers, the config parser, and the admin IPC
//! protocol directly — without spawning the binary or needing root.
//!
//! Module map (project §10):
//! * [`config`] — serde TOML structs, `~` expansion, PEM loading, `[tunnel.split]` -> `RouteTable`.
//! * [`pki`] — `aura pki` handlers (init / issue-server / issue-client / revoke / list).
//! * [`admin`] — the JSON-over-Unix-socket admin protocol (route management + status).
//! * [`server`] / [`client`] — the `aura server` / `aura client` data paths.
//! * [`bench`] — the `aura bench-crypto` micro-benchmarks.
pub mod admin;
pub mod bench;
pub mod circuit;
pub mod client;
pub mod config;
pub mod crl_push;
pub mod dial_targets;
pub mod init;
pub mod masks;
pub mod nat;
pub mod no_logs;
pub mod os_routes;
pub mod pki;
pub mod pool;
pub mod privdrop;
pub mod relay;
pub mod server;
pub mod server_router;
Reference in New Issue View Git Blame Copy Permalink