Merge branch 'main' into feat/improved-memfd-allocation

.github/workflows/qc.yaml

@@ -110,12 +110,7 @@ jobs:
       - run: RUSTDOCFLAGS="-D warnings" cargo doc --no-deps --document-private-items
 
   cargo-test:
-    runs-on: ${{ matrix.os }}
+    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        os: [ubuntu-latest, macos-13]
-        # - ubuntu is x86-64
-        # - macos-13 is also x86-64 architecture
     steps:
       - uses: actions/checkout@v3
       - uses: actions/cache@v3

Cargo.lock

@@ -1066,12 +1066,6 @@ version = "0.3.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024"
 
-[[package]]
-name = "hex"
-version = "0.4.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
-
 [[package]]
 name = "home"
 version = "0.5.9"
@@ -2331,12 +2325,6 @@ dependencies = [
  "unicode-ident",
 ]
 
-[[package]]
-name = "take-until"
-version = "0.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b4e17d8598067a8c134af59cd33c1c263470e089924a11ab61cf61690919fe3b"
-
 [[package]]
 name = "tempfile"
 version = "3.10.1"
@@ -2869,10 +2857,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "89ba4e9811befc20af3b6efb15924a7238ee5e8e8706a196576462a00b9f1af1"
 dependencies = [
  "derive_builder 0.10.2",
- "hex",
  "libc",
  "neli",
- "take-until",
  "thiserror",
 ]
 

Cargo.toml

@@ -77,6 +77,6 @@ procspawn = {version = "1.0.0", features= ["test-support"]}
 
 
 #Broker dependencies (might need cleanup or changes)
-wireguard-uapi = { version = "3.0.0", features = ["xplatform"] }
+wireguard-uapi = "3.0.0"
 command-fds = "0.2.3"
 rustix = { version = "0.38.27", features = ["net"] }

misc/README.md

@@ -1,40 +0,0 @@
-# Additional files
-
-This folder contains additional files that are used in the project.
-
-## `generate_configs.py`
-
-The script is used to generate configuration files for a benchmark setup
-consisting of a device under testing (DUT) and automatic test equipment (ATE),
-basically a strong machine capable of running multiple Rosenpass instances at
-once.
-
-At the top of the script multiple variables can be set to configure the DUT IP
-address and more. Once configured you may run `python3 generate_configs.py` to
-create the configuration files.
-
-A new folder called `output/` is created containing the subfolder `dut/` and
-`ate/`. The former has to be copied on the DUT, ideally reproducible hardware
-like a Raspberry Pi, while the latter is copied to the ATE, i.e. a laptop.
-
-### Running a benchmark
-
-On the ATE a run script is required since multiple instances of `rosenpass` are
-started with different configurations in parallel. The scripts are named after
-the number of instances they start, e.g. `run-50.sh` starts 50 instances.
-
-```shell
-# on the ATE aka laptop
-cd output/ate
-./run-10.sh
-```
-
-On the DUT you start a single Rosenpass instance with the configuration matching
-the ATE number of peers.
-
-```shell
-# on the DUT aka Raspberry Pi
-rosenpass exchange-config configs/dut-10.toml
-```
-
-Use whatever measurement tool you like to monitor the DUT and ATE.

misc/generate_configs.py

@@ -1,105 +0,0 @@
-from pathlib import Path
-from subprocess import run
-
-
-config = dict(
-    peer_counts=[1, 5, 10, 50, 100, 500],
-    peer_count_max=100,
-    ate_ip="192.168.2.1",
-    dut_ip="192.168.2.4",
-    dut_port=9999,
-    path_to_rosenpass_bin="/Users/user/src/rosenppass/rosenpass/target/debug/rosenpass",
-)
-
-print(config)
-
-output_dir = Path("output")
-output_dir.mkdir(exist_ok=True)
-
-template_dut = """
-public_key = "keys/dut-public-key"
-secret_key = "keys/dut-secret-key"
-listen = ["{dut_ip}:{dut_port}"]
-verbosity = "Quiet"
-"""
-template_dut_peer = """
-[[peers]] # ATE-{i}
-public_key = "keys/ate-{i}-public-key"
-endpoint = "{ate_ip}:{ate_port}"
-key_out = "out/key_out_{i}"
-"""
-
-template_ate = """
-public_key = "keys/ate-{i}-public-key"
-secret_key = "keys/ate-{i}-secret-key"
-listen = ["{ate_ip}:{ate_port}"]
-verbosity = "Quiet"
-
-[[peers]] # DUT
-public_key = "keys/dut-public-key"
-endpoint = "{dut_ip}:{dut_port}"
-key_out = "out/key_out_{i}"
-"""
-
-(output_dir / "dut" / "keys").mkdir(exist_ok=True, parents=True)
-(output_dir / "dut" / "out").mkdir(exist_ok=True, parents=True)
-(output_dir / "dut" / "configs").mkdir(exist_ok=True, parents=True)
-(output_dir / "ate" / "keys").mkdir(exist_ok=True, parents=True)
-(output_dir / "ate" / "out").mkdir(exist_ok=True, parents=True)
-(output_dir / "ate" / "configs").mkdir(exist_ok=True, parents=True)
-
-for peer_count in config["peer_counts"]:
-    dut_config = template_dut.format(**config)
-    for i in range(peer_count):
-        dut_config += template_dut_peer.format(**config, i=i, ate_port=50000 + i)
-
-    (output_dir / "dut" / "configs" / f"dut-{peer_count}.toml").write_text(dut_config)
-
-    if not (output_dir / "dut" / "keys" / "dut-public-key").exists():
-        print("Generate DUT keys")
-        run(
-            [
-                config["path_to_rosenpass_bin"],
-                "gen-keys",
-                f"configs/dut-{peer_count}.toml",
-            ],
-            cwd=output_dir / "dut",
-        )
-    else:
-        print("DUT keys already exist")
-
-# copy the DUT public key to the ATE
-(output_dir / "ate" / "keys" / "dut-public-key").write_bytes(
-    (output_dir / "dut" / "keys" / "dut-public-key").read_bytes()
-)
-
-ate_script = "(trap 'kill 0' SIGINT; \\\n"
-
-for i in range(config["peer_count_max"]):
-    (output_dir / "ate" / "configs" / f"ate-{i}.toml").write_text(
-        template_ate.format(**config, i=i, ate_port=50000 + i)
-    )
-
-    if not (output_dir / "ate" / "keys" / f"ate-{i}-public-key").exists():
-        # generate ATE keys
-        run(
-            [config["path_to_rosenpass_bin"], "gen-keys", f"configs/ate-{i}.toml"],
-            cwd=output_dir / "ate",
-        )
-    else:
-        print(f"ATE-{i} keys already exist")
-
-    # copy the ATE public keys to the DUT
-    (output_dir / "dut" / "keys" / f"ate-{i}-public-key").write_bytes(
-        (output_dir / "ate" / "keys" / f"ate-{i}-public-key").read_bytes()
-    )
-
-    ate_script += (
-        f"{config['path_to_rosenpass_bin']} exchange-config configs/ate-{i}.toml & \\\n"
-    )
-
-    if (i + 1) in config["peer_counts"]:
-        write_script = ate_script
-        write_script += "wait)"
-
-        (output_dir / "ate" / f"run-{i+1}.sh").write_text(write_script)

wireguard-broker/Cargo.toml

@@ -44,7 +44,6 @@ path = "src/bin/priviledged.rs"
 test = false
 doc = false
 required-features=["enable_broker_api"]
-cfg = { target_os = "linux" } 
 
 [[bin]]
 name = "rosenpass-wireguard-broker-socket-handler"
@@ -52,4 +51,3 @@ test = false
 path = "src/bin/socket_handler.rs"
 doc = false
 required-features=["enable_broker_api"]
-cfg = { target_os = "linux" } 

wireguard-broker/src/bin/priviledged.rs

@@ -1,67 +1,56 @@
-fn main() {
+use std::io::{stdin, stdout, Read, Write};
-    #[cfg(target_os = "linux")]
+use std::result::Result;
-    linux::main().unwrap();
 
-    #[cfg(not(target_os = "linux"))]
+use rosenpass_wireguard_broker::api::msgs;
-    panic!("This binary is only supported on Linux");
+use rosenpass_wireguard_broker::api::server::BrokerServer;
+use rosenpass_wireguard_broker::brokers::netlink as wg;
+
+#[derive(thiserror::Error, Debug)]
+pub enum BrokerAppError {
+    #[error(transparent)]
+    IoError(#[from] std::io::Error),
+    #[error(transparent)]
+    WgConnectError(#[from] wg::ConnectError),
+    #[error(transparent)]
+    WgSetPskError(#[from] wg::SetPskError),
+    #[error("Oversized message {}; something about the request is fatally wrong", .0)]
+    OversizedMessage(u64),
 }
 
-#[cfg(target_os = "linux")]
+fn main() -> Result<(), BrokerAppError> {
-pub mod linux {
+    let mut broker = BrokerServer::new(wg::NetlinkWireGuardBroker::new()?);
-    use std::io::{stdin, stdout, Read, Write};
-    use std::result::Result;
 
-    use rosenpass_wireguard_broker::api::msgs;
+    let mut stdin = stdin().lock();
-    use rosenpass_wireguard_broker::api::server::BrokerServer;
+    let mut stdout = stdout().lock();
-    use rosenpass_wireguard_broker::brokers::netlink as wg;
+    loop {
+        // Read the message length
+        let mut len = [0u8; 8];
+        stdin.read_exact(&mut len)?;
 
-    #[derive(thiserror::Error, Debug)]
+        // Parse the message length
-    pub enum BrokerAppError {
+        let len = u64::from_le_bytes(len);
-        #[error(transparent)]
+        if (len as usize) > msgs::REQUEST_MSG_BUFFER_SIZE {
-        IoError(#[from] std::io::Error),
+            return Err(BrokerAppError::OversizedMessage(len));
-        #[error(transparent)]
-        WgConnectError(#[from] wg::ConnectError),
-        #[error(transparent)]
-        WgSetPskError(#[from] wg::SetPskError),
-        #[error("Oversized message {}; something about the request is fatally wrong", .0)]
-        OversizedMessage(u64),
-    }
-
-    pub fn main() -> Result<(), BrokerAppError> {
-        let mut broker = BrokerServer::new(wg::NetlinkWireGuardBroker::new()?);
-
-        let mut stdin = stdin().lock();
-        let mut stdout = stdout().lock();
-        loop {
-            // Read the message length
-            let mut len = [0u8; 8];
-            stdin.read_exact(&mut len)?;
-
-            // Parse the message length
-            let len = u64::from_le_bytes(len);
-            if (len as usize) > msgs::REQUEST_MSG_BUFFER_SIZE {
-                return Err(BrokerAppError::OversizedMessage(len));
-            }
-
-            // Read the message itself
-            let mut req_buf = [0u8; msgs::REQUEST_MSG_BUFFER_SIZE];
-            let req_buf = &mut req_buf[..(len as usize)];
-            stdin.read_exact(req_buf)?;
-
-            // Process the message
-            let mut res_buf = [0u8; msgs::RESPONSE_MSG_BUFFER_SIZE];
-            let res = match broker.handle_message(req_buf, &mut res_buf) {
-                Ok(len) => &res_buf[..len],
-                Err(e) => {
-                    eprintln!("Error processing message for wireguard PSK broker: {e:?}");
-                    continue;
-                }
-            };
-
-            // Write the response
-            stdout.write_all(&(res.len() as u64).to_le_bytes())?;
-            stdout.write_all(&res)?;
-            stdout.flush()?;
         }
+
+        // Read the message itself
+        let mut req_buf = [0u8; msgs::REQUEST_MSG_BUFFER_SIZE];
+        let req_buf = &mut req_buf[..(len as usize)];
+        stdin.read_exact(req_buf)?;
+
+        // Process the message
+        let mut res_buf = [0u8; msgs::RESPONSE_MSG_BUFFER_SIZE];
+        let res = match broker.handle_message(req_buf, &mut res_buf) {
+            Ok(len) => &res_buf[..len],
+            Err(e) => {
+                eprintln!("Error processing message for wireguard PSK broker: {e:?}");
+                continue;
+            }
+        };
+
+        // Write the response
+        stdout.write_all(&(res.len() as u64).to_le_bytes())?;
+        stdout.write_all(&res)?;
+        stdout.flush()?;
     }
 }

wireguard-broker/src/brokers/mod.rs

@@ -1,6 +1,6 @@
 #[cfg(feature = "enable_broker_api")]
 pub mod mio_client;
-#[cfg(all(feature = "enable_broker_api", target_os = "linux"))]
+#[cfg(feature = "enable_broker_api")]
 pub mod netlink;
 
 pub mod native_unix;

wireguard-broker/src/brokers/netlink.rs

@@ -1,5 +1,3 @@
-#![cfg(target_os = "linux")]
-
 use std::fmt::Debug;
 
 use wireguard_uapi::linux as wg;