2ab5eeda53
Merge remote-tracking branch 'origin/feat/client/connect-options'
2026-06-02 11:07:54 +00:00
128affd264
Implement ConnectOptions struct and ClientSession orchestration with graceful shutdown
Adds client/connect.rs with ConnectOptions (programmatic API per ADR-011),
ClientSession::new() for SSH session establishment, ClientSession::run()
for SOCKS5 + port forwards + shutdown, and graceful shutdown via
SIGTERM/SIGINT with SSH disconnect and 2s drain timeout.
2026-06-02 11:07:33 +00:00
5a2b535605
Merge remote-tracking branch 'origin/feat/server/rate-limiting-and-logging'
# Conflicts:
# crates/wraith-core/src/error.rs
# crates/wraith-core/src/server/handler.rs
# crates/wraith-core/src/server/mod.rs
2026-06-02 11:06:18 +00:00
24b70f5651
Implement server rate limiting and fail2ban-friendly structured logging
Add ConnectionRateLimiter (HashMap<IpAddr, usize>) and AuthAttemptLimiter
with check/on_connect/on_disconnect and check/on_failure methods.
Integrate into ServerHandler with structured tracing::info! logging for
auth attempts, connection opened/closed events. No logging of tunnel
destinations per ADR-006. Also add ForwardError type and fix type
annotation in forward.rs to unblock compilation.
2026-06-02 11:02:55 +00:00
f963898a05
Implement control channel routing for wraith-* reserved destinations (ADR-018)
- Add control_channel.rs with WRAITH_CONTROL_DESTINATION, WRAITH_PREFIX constants
- Add ControlChannelHandler trait and ControlChannelRouter for routing logic
- Add DuplexStream supertrait for Box<dyn> compatibility
- Server handler rejects wraith-* destinations when no handler configured
- Add ForwardError type to fix pre-existing compilation error
- Unit tests: reserved detection, non-reserved pass-through, prefix matching
2026-06-02 11:01:54 +00:00
992d478630
Merge remote-tracking branch 'origin/feat/transport/acme-cert-provisioning'
2026-06-02 10:49:57 +00:00
e3f33a24c3
Implement ACME/Let's Encrypt certificate provisioning (ADR-008)
Add AcmeCertProvider with domain-based and IP-based modes using rustls-acme.
AcmeTlsAcceptor::bind_acme() and TlsAcceptor::bind_acme() provide ACME-integrated
TLS acceptance with automatic cert renewal via background tokio task.
Feature-gated behind 'acme' (implies 'tls'). Unit tests for config construction;
integration test for LE staging marked #[ignore].
2026-06-02 10:49:32 +00:00
5fec0b53d9
Merge remote-tracking branch 'origin/feat/client/socks5-server'
2026-06-02 10:49:20 +00:00
2efd4cf7c5
Implement SOCKS5 server: local proxy forwarding through SSH channels
Convert socks5.rs to directory module with protocol parsing and server
implementation. Socks5Server binds to configurable address (default
127.0.0.1:1080), handles SOCKS5 handshake (no-auth), parses IPv4/IPv6/domain
addresses, and proxies bidirectionally via SSH direct_tcpip channels.
Domain names sent unresolved (SOCKS5h) to prevent DNS leaks (ADR-006).
No logging of request targets per privacy requirements.
2026-06-02 10:49:07 +00:00
4e4afd5020
Merge remote-tracking branch 'origin/feat/client/port-forwarding'
# Conflicts:
# crates/wraith-core/src/client/mod.rs
# crates/wraith-core/src/lib.rs
2026-06-02 10:46:54 +00:00
7336c0f13c
feat(client): implement port forwarding — local (-L) and remote (-R) forwards
- PortForwardSpec parses -L/-R spec strings: bind_addr:bind_port:target_host:target_port
- LocalForwarder binds TcpListener, accepts connections, opens SSH direct-tcpip channel, proxies bidirectionally
- RemoteForwarder sends tcpip_forward request, handles forwarded-tcpip channel opens, connects local target, proxies bidirectionally
- Both forwarders run concurrently with SOCKS5 server via Arc<Mutex<Handle>>
- Connection errors close individual channels without affecting other forwards or SSH session
- ForwardError type added with display and source chaining tests
- Unit tests: spec parsing, local forward bind/accept, remote forward proxy bidirectional
2026-06-02 10:45:43 +00:00
975778bfb1
Merge remote-tracking branch 'origin/feat/client/channel-manager'
2026-06-02 10:44:32 +00:00
d6a49a07d7
implement ChannelManager with SSH session management, channel ops, and reconnection
2026-06-02 10:44:21 +00:00
24b92227e7
Implement ServerHandler with auth delegation and channel dispatch
Convert server.rs to directory module (server/mod.rs + server/handler.rs).
ServerHandler implements russh::server::Handler with:
- auth_publickey() delegating to ServerAuthConfig with structured logging
- channel_open_direct_tcpip() routing wraith-* prefix to internal handler,
stub for regular TCP proxy
- ProxyConfig/ProxyMode types for outbound proxy configuration
- Unit tests for auth delegation, reserved destination routing, and
unknown channel type rejection
2026-06-02 10:40:05 +00:00
bf8233af61
fix: add rand dev-dep, install rustls CryptoProvider in TLS tests, fix iroh OsRng import
2026-06-02 10:32:29 +00:00
b3589a038e
Merge remote-tracking branch 'origin/feat/transport/iroh-transport' into transport/trait-and-types
# Conflicts:
# Cargo.lock
# crates/wraith-core/Cargo.toml
2026-06-02 10:30:12 +00:00
c3f5f3f504
Implement IrohTransport and IrohAcceptor (feature-gated iroh)
Add iroh QUIC P2P transport using tokio::io::join for stream duplexing
per ADR-003. Default relay is n0's https://relay.iroh.network/ (ADR-009).
Proxy URL passed to Endpoint::builder (ADR-010). Integration test marked
#[ignore] for CI since it requires iroh relay connectivity.
2026-06-02 10:29:40 +00:00
b559e335d3
Implement server-side auth with ServerAuthConfig (Ed25519 keys + cert-authority)
2026-06-02 10:21:28 +00:00
1054e3907e
Merge remote-tracking branch 'origin/feat/transport/tls-transport' into transport/trait-and-types
# Conflicts:
# crates/wraith-core/src/transport/tls.rs
2026-06-02 10:09:12 +00:00
f6d4705632
Implement TlsTransport and TlsAcceptor with tokio-rustls (feature-gated tls)
2026-06-02 10:08:29 +00:00
4052c4f19e
fix: add ssh-key dev-dependency for server_auth tests
2026-06-02 10:08:11 +00:00
eb032c87f1
Implement client-side SSH auth handler with ClientAuthConfig and ClientHandler
2026-06-02 10:03:56 +00:00
b4f4f2ed8c
Implement SSH key material loading with KeySource, load_private_key, load_public_keys, and CertAuthorityEntry
2026-06-02 09:52:39 +00:00
b157ab3799
Implement TcpTransport and TcpAcceptor for plain TCP connections
2026-06-02 09:23:35 +00:00
dddc6d7a4c
Define Transport trait, TransportAcceptor trait, TransportInfo, and TransportKind types
2026-06-02 09:17:50 +00:00
56d032afdb
Define error types for transport, auth, channel, and config layers
2026-06-02 09:16:23 +00:00
2bc15f1035
Initialize Cargo workspace with wraith-core, wraith, and wraith-napi crates
- Workspace root Cargo.toml with three crate members
- wraith-core: library with feature flags (tls, iroh, acme), core deps (russh, tokio, tracing, anyhow, thiserror, tokio-util), module skeleton (transport, client, server, auth, socks5, error)
- wraith: binary crate depending on wraith-core with clap derive
- wraith-napi: cdylib crate depending on wraith-core, napi, napi-derive
- .gitignore for target/ and node_modules/
2026-06-02 09:14:40 +00:00