While at it, fix the label handling and fix a typo in continue_if, where
a `break` falsely replaced a `continue`
Signed-off-by: Paul Spooren <mail@aparcar.org>
The RTX_BUFFER_SIZE function is nowhere used in the code and when
dropping it, usize_max (const version of max()) becomes obsolete, too.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Drop the unused `dur` function, it's nowhere found in the code.
Document both Timebase and Timebase::now()
Add tests
Signed-off-by: Paul Spooren <mail@aparcar.org>
Trigger the internal assert of owned.rs instead of writing our own. To
correctly test it use `should_panic` macro.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Masking the file descriptors (by replaying them with a file descriptor pointing towards /dev/null)
mitigates use after free (on file descriptor) attacks. In case some
piece of code still holds a reference to the file descriptor, that
file descriptor now merely holds a reference to /dev/null.
Otherwise, the file descriptor might be reused and the reference
could now mistakenly point to all sorts of – potentially more harmful – files, such as memfd_secret
file descriptors, storing our secret keys.
Dynamically dispatch WireguardBrokerMio trait in AppServer. Also allows for mio event registration and poll processing, logic from dev/broker-architecture branch
Co-authored-by: Prabhpreet Dua <615318+prabhpreet@users.noreply.github.com>
Co-authored-by: Karolin Varner <karo@cupdev.net>
* wireguard-broker: merge from dev/broker-architecture
* use zerocopy instead of lenses
* Require use_broker feature flag to comile broker binaries
* Remove PhantomData from BrokerServer & BrokerClient
* Modify mio client rx to be non-recursive, add integration test
Co-authored-by: Karolin Varner <karo@cupdev.net>
Co-authored-by: Prabhpreet Dua <615318+prabhpreet@users.noreply.github.com>
When creating secret keys or use the out file feature, the material
shouldn't be readble to everyone by default.
Fix: #260
Signed-off-by: Paul Spooren <mail@aparcar.org>
