push.rocks/smartnetwork
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(smartnetwork): add Rust-powered network diagnostics bridge and IP intelligence lookups

Browse Source
This commit is contained in:
Jürgen Kunz
2026-03-26 15:24:43 +00:00
parent e9dcd45acd
commit c3ac9b4f9e
34 changed files with 5499 additions and 3159 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
rust/crates/rustnetwork/Cargo.toml Normal file
View File

@@ -0,0 +1,18 @@
[package]
name = "rustnetwork"
version.workspace = true
edition.workspace = true
[[bin]]
name = "rustnetwork"
path = "src/main.rs"
[dependencies]
tokio.workspace = true
serde.workspace = true
serde_json.workspace = true
clap.workspace = true
tracing.workspace = true
tracing-subscriber.workspace = true
surge-ping.workspace = true
socket2.workspace = true

232
rust/crates/rustnetwork/src/gateway.rs Normal file
View File

@@ -0,0 +1,232 @@
use std::net::{Ipv4Addr, Ipv6Addr};
#[derive(Debug)]
pub struct GatewayAddress {
pub family: String,
pub address: String,
}
#[derive(Debug)]
pub struct GatewayInfo {
pub interface_name: String,
pub addresses: Vec<GatewayAddress>,
}
/// Get the default gateway interface and its addresses.
/// Linux-only: parses /proc/net/route to find the default route,
/// then reads interface addresses from /proc/net/if_inet6 and /proc/net/fib_trie.
pub fn get_default_gateway() -> Result<GatewayInfo, String> {
let iface = get_default_interface()?;
let addresses = get_interface_addresses(&iface)?;
Ok(GatewayInfo {
interface_name: iface,
addresses,
})
}
/// Parse /proc/net/route to find the default route interface
fn get_default_interface() -> Result<String, String> {
let content =
std::fs::read_to_string("/proc/net/route").map_err(|e| format!("Cannot read /proc/net/route: {e}"))?;
for line in content.lines().skip(1) {
let fields: Vec<&str> = line.split_whitespace().collect();
if fields.len() < 8 {
continue;
}
let destination = fields[1];
let flags = u32::from_str_radix(fields[3], 16).unwrap_or(0);
// Destination 00000000 = default route, flags & 0x2 = RTF_GATEWAY
if destination == "00000000" && (flags & 0x2) != 0 {
return Ok(fields[0].to_string());
}
}
Err("No default gateway found in /proc/net/route".to_string())
}
/// Get IPv4 and IPv6 addresses for a given interface
fn get_interface_addresses(iface: &str) -> Result<Vec<GatewayAddress>, String> {
let mut addresses = Vec::new();
// IPv4: parse /proc/net/fib_trie or fallback to reading /sys/class/net/<iface>/...
if let Ok(ipv4_addrs) = get_ipv4_addresses(iface) {
for addr in ipv4_addrs {
addresses.push(GatewayAddress {
family: "IPv4".to_string(),
address: addr.to_string(),
});
}
}
// IPv6: parse /proc/net/if_inet6
if let Ok(ipv6_addrs) = get_ipv6_addresses(iface) {
for addr in ipv6_addrs {
addresses.push(GatewayAddress {
family: "IPv6".to_string(),
address: addr.to_string(),
});
}
}
Ok(addresses)
}
/// Get IPv4 addresses for an interface by reading /proc/net/fib_trie
fn get_ipv4_addresses(iface: &str) -> Result<Vec<Ipv4Addr>, String> {
// Simpler approach: use the ip command output or parse /sys/class/net
// Let's read from /sys/class/net/<iface>/... via getifaddrs equivalent
// Actually, let's parse /proc/net/fib_trie
let content = std::fs::read_to_string("/proc/net/fib_trie")
.map_err(|e| format!("Cannot read /proc/net/fib_trie: {e}"))?;
// Also need to correlate with interface. Simpler: read RTNETLINK via a different approach.
// Fallback to a cleaner approach: parse `ip -4 addr show <iface>` equivalent via /proc
// Use /proc/net/if_inet6 for v6 and a different approach for v4:
// Read all interface addresses by parsing the route table and ARP cache
// Actually, the simplest reliable approach on Linux: use nix/libc getifaddrs
// But to avoid extra deps, let's parse /proc/net/fib_trie looking for LOCAL entries
let mut addresses = Vec::new();
let mut in_local_table = false;
let mut current_prefix: Option<String> = None;
for line in content.lines() {
let trimmed = line.trim();
if trimmed.starts_with("Local:") {
in_local_table = true;
continue;
}
if trimmed.starts_with("Main:") {
in_local_table = false;
continue;
}
if !in_local_table {
continue;
}
// Look for lines like " |-- 192.168.1.0" (prefix) or "/32 host LOCAL" (entry)
if trimmed.contains("|--") {
let parts: Vec<&str> = trimmed.split_whitespace().collect();
if parts.len() >= 2 {
current_prefix = Some(parts.last().unwrap().to_string());
}
}
if trimmed.contains("/32 host LOCAL") {
if let Some(ref prefix) = current_prefix {
if let Ok(addr) = prefix.parse::<Ipv4Addr>() {
// Now verify this belongs to our interface
// We need interface correlation — check via /sys
addresses.push(addr);
}
}
}
}
// If fib_trie parsing yielded results, filter by interface
// Read interface index mapping
if !addresses.is_empty() {
let filtered = filter_addresses_by_interface(iface, &addresses);
if !filtered.is_empty() {
return Ok(filtered);
}
}
// Fallback: try reading from /sys/class/net/<iface>/
// Parse the operstate and try to extract from ARP
get_ipv4_from_sys(iface)
}
/// Filter addresses to those belonging to a specific interface
fn filter_addresses_by_interface(iface: &str, candidates: &[Ipv4Addr]) -> Vec<Ipv4Addr> {
let route_content = match std::fs::read_to_string("/proc/net/route") {
Ok(c) => c,
Err(_) => return Vec::new(),
};
let mut iface_networks: Vec<(u32, u32)> = Vec::new(); // (network, mask)
for line in route_content.lines().skip(1) {
let fields: Vec<&str> = line.split_whitespace().collect();
if fields.len() < 8 || fields[0] != iface {
continue;
}
let dest = u32::from_str_radix(fields[1], 16).unwrap_or(0);
let mask = u32::from_str_radix(fields[7], 16).unwrap_or(0);
if dest != 0 && mask != 0 {
iface_networks.push((dest, mask));
}
}
candidates
.iter()
.filter(|addr| {
let octets = addr.octets();
let addr_u32 = u32::from_le_bytes(octets); // /proc/net/route uses little-endian
iface_networks
.iter()
.any(|(net, mask)| (addr_u32 & mask) == (net & mask))
})
.copied()
.collect()
}
/// Fallback: get IPv4 address from /sys filesystem
fn get_ipv4_from_sys(_iface: &str) -> Result<Vec<Ipv4Addr>, String> {
// Fallback: return empty — TS side uses os.networkInterfaces() to enrich
Ok(Vec::new())
}
/// Get IPv6 addresses for an interface from /proc/net/if_inet6
fn get_ipv6_addresses(iface: &str) -> Result<Vec<Ipv6Addr>, String> {
let content = std::fs::read_to_string("/proc/net/if_inet6")
.map_err(|e| format!("Cannot read /proc/net/if_inet6: {e}"))?;
let mut addresses = Vec::new();
for line in content.lines() {
let fields: Vec<&str> = line.split_whitespace().collect();
if fields.len() < 6 {
continue;
}
let dev_name = fields[5];
if dev_name != iface {
continue;
}
let hex_addr = fields[0];
if hex_addr.len() != 32 {
continue;
}
// Parse 32-char hex into IPv6 address
if let Ok(addr) = parse_ipv6_hex(hex_addr) {
addresses.push(addr);
}
}
Ok(addresses)
}
/// Parse a 32-character hex string into an Ipv6Addr
fn parse_ipv6_hex(hex: &str) -> Result<Ipv6Addr, String> {
if hex.len() != 32 {
return Err("Invalid hex length".to_string());
}
let mut segments = [0u16; 8];
for (i, segment) in segments.iter_mut().enumerate() {
let start = i * 4;
let end = start + 4;
*segment =
u16::from_str_radix(&hex[start..end], 16).map_err(|e| format!("Invalid hex: {e}"))?;
}
Ok(Ipv6Addr::new(
segments[0],
segments[1],
segments[2],
segments[3],
segments[4],
segments[5],
segments[6],
segments[7],
))
}

48
rust/crates/rustnetwork/src/ipc_types.rs Normal file
View File

@@ -0,0 +1,48 @@
use serde::{Deserialize, Serialize};
/// Request received from TypeScript via stdin
#[derive(Debug, Deserialize)]
pub struct IpcRequest {
pub id: String,
pub method: String,
#[serde(default)]
pub params: serde_json::Value,
}
/// Response sent to TypeScript via stdout
#[derive(Debug, Serialize)]
pub struct IpcResponse {
pub id: String,
pub success: bool,
#[serde(skip_serializing_if = "Option::is_none")]
pub result: Option<serde_json::Value>,
#[serde(skip_serializing_if = "Option::is_none")]
pub error: Option<String>,
}
/// Unsolicited event sent to TypeScript via stdout (no id field)
#[derive(Debug, Serialize)]
pub struct IpcEvent {
pub event: String,
pub data: serde_json::Value,
}
impl IpcResponse {
pub fn success(id: String, result: serde_json::Value) -> Self {
Self {
id,
success: true,
result: Some(result),
error: None,
}
}
pub fn error(id: String, message: String) -> Self {
Self {
id,
success: false,
result: None,
error: Some(message),
}
}
}

43
rust/crates/rustnetwork/src/main.rs Normal file
View File

@@ -0,0 +1,43 @@
mod gateway;
mod ipc_types;
mod management;
mod ping;
mod port_scan;
mod traceroute;
use clap::Parser;
use tracing_subscriber::EnvFilter;
#[derive(Parser)]
#[command(name = "rustnetwork", about = "Network diagnostics binary")]
struct Cli {
/// Run in IPC management mode (JSON-over-stdin/stdout)
#[arg(long)]
management: bool,
}
fn main() {
let cli = Cli::parse();
if cli.management {
// Set up tracing to stderr (stdout is reserved for IPC)
tracing_subscriber::fmt()
.with_env_filter(
EnvFilter::try_from_default_env().unwrap_or_else(|_| EnvFilter::new("warn")),
)
.with_writer(std::io::stderr)
.with_target(false)
.init();
// Run the tokio runtime for the management loop
let runtime = tokio::runtime::Builder::new_multi_thread()
.enable_all()
.build()
.expect("Failed to create tokio runtime");
runtime.block_on(management::management_loop());
} else {
eprintln!("Use --management for IPC mode");
std::process::exit(1);
}
}

233
rust/crates/rustnetwork/src/management.rs Normal file
View File

@@ -0,0 +1,233 @@
use crate::ipc_types::{IpcEvent, IpcRequest, IpcResponse};
use crate::{gateway, ping, port_scan, traceroute};
use serde_json::json;
use tokio::io::{AsyncBufReadExt, BufReader};
use tracing::{debug, error, info, warn};
/// Write a JSON line to stdout (IPC channel to TypeScript)
fn send_line(value: &impl serde::Serialize) {
if let Ok(json) = serde_json::to_string(value) {
println!("{json}");
}
}
/// Main management loop: reads JSON commands from stdin, dispatches to handlers
pub async fn management_loop() {
// Emit ready event
let ready_event = IpcEvent {
event: "ready".to_string(),
data: json!({ "version": env!("CARGO_PKG_VERSION") }),
};
send_line(&ready_event);
info!("Management mode ready");
// Set up stdin reader
let stdin = tokio::io::stdin();
let reader = BufReader::new(stdin);
let mut lines = reader.lines();
// Process lines
loop {
match lines.next_line().await {
Ok(Some(line)) => {
let line = line.trim().to_string();
if line.is_empty() {
continue;
}
debug!("Received request: {}", &line);
// Parse the request
let request: IpcRequest = match serde_json::from_str(&line) {
Ok(req) => req,
Err(e) => {
warn!("Invalid JSON request: {e}");
continue;
}
};
// Spawn handler task
tokio::spawn(async move {
let response = dispatch_command(&request).await;
send_line(&response);
});
}
Ok(None) => {
// stdin closed — parent process is gone
info!("Stdin closed, shutting down");
break;
}
Err(e) => {
error!("Error reading stdin: {e}");
break;
}
}
}
}
/// Dispatch a command to the appropriate handler
async fn dispatch_command(req: &IpcRequest) -> IpcResponse {
match req.method.as_str() {
"healthPing" => IpcResponse::success(req.id.clone(), json!({ "pong": true })),
"ping" => handle_ping(req).await,
"traceroute" => handle_traceroute(req).await,
"tcpPortCheck" => handle_tcp_port_check(req).await,
"isLocalPortFree" => handle_is_local_port_free(req).await,
"defaultGateway" => handle_default_gateway(req).await,
_ => IpcResponse::error(req.id.clone(), format!("Unknown method: {}", req.method)),
}
}
async fn handle_ping(req: &IpcRequest) -> IpcResponse {
let host = req.params.get("host").and_then(|v| v.as_str()).unwrap_or("");
let count = req.params.get("count").and_then(|v| v.as_u64()).unwrap_or(1) as u32;
let timeout_ms = req
.params
.get("timeoutMs")
.and_then(|v| v.as_u64())
.unwrap_or(5000);
if host.is_empty() {
return IpcResponse::error(req.id.clone(), "Missing 'host' parameter".to_string());
}
match ping::ping(host, count, timeout_ms).await {
Ok(result) => {
let times: Vec<serde_json::Value> = result
.times
.iter()
.map(|t| {
if t.is_nan() {
serde_json::Value::Null
} else {
json!(t)
}
})
.collect();
IpcResponse::success(
req.id.clone(),
json!({
"alive": result.alive,
"times": times,
"min": if result.min.is_nan() { serde_json::Value::Null } else { json!(result.min) },
"max": if result.max.is_nan() { serde_json::Value::Null } else { json!(result.max) },
"avg": if result.avg.is_nan() { serde_json::Value::Null } else { json!(result.avg) },
"stddev": if result.stddev.is_nan() { serde_json::Value::Null } else { json!(result.stddev) },
"packetLoss": result.packet_loss,
}),
)
}
Err(e) => IpcResponse::error(req.id.clone(), e),
}
}
async fn handle_traceroute(req: &IpcRequest) -> IpcResponse {
let host = req.params.get("host").and_then(|v| v.as_str()).unwrap_or("");
let max_hops = req
.params
.get("maxHops")
.and_then(|v| v.as_u64())
.unwrap_or(30) as u8;
let timeout_ms = req
.params
.get("timeoutMs")
.and_then(|v| v.as_u64())
.unwrap_or(5000);
if host.is_empty() {
return IpcResponse::error(req.id.clone(), "Missing 'host' parameter".to_string());
}
match traceroute::traceroute(host, max_hops, timeout_ms).await {
Ok(hops) => {
let hop_values: Vec<serde_json::Value> = hops
.iter()
.map(|h| {
json!({
"ttl": h.ttl,
"ip": h.ip.as_deref().unwrap_or("*"),
"rtt": h.rtt,
})
})
.collect();
IpcResponse::success(req.id.clone(), json!({ "hops": hop_values }))
}
Err(e) => IpcResponse::error(req.id.clone(), e),
}
}
async fn handle_tcp_port_check(req: &IpcRequest) -> IpcResponse {
let host = req.params.get("host").and_then(|v| v.as_str()).unwrap_or("");
let port = req.params.get("port").and_then(|v| v.as_u64()).unwrap_or(0) as u16;
let timeout_ms = req
.params
.get("timeoutMs")
.and_then(|v| v.as_u64())
.unwrap_or(5000);
if host.is_empty() {
return IpcResponse::error(req.id.clone(), "Missing 'host' parameter".to_string());
}
if port == 0 {
return IpcResponse::error(req.id.clone(), "Missing or invalid 'port' parameter".to_string());
}
match port_scan::tcp_port_check(host, port, timeout_ms).await {
Ok((is_open, latency_ms)) => IpcResponse::success(
req.id.clone(),
json!({
"isOpen": is_open,
"latencyMs": latency_ms,
}),
),
Err(e) => IpcResponse::error(req.id.clone(), e),
}
}
async fn handle_is_local_port_free(req: &IpcRequest) -> IpcResponse {
let port = req.params.get("port").and_then(|v| v.as_u64()).unwrap_or(0) as u16;
if port == 0 {
return IpcResponse::error(
req.id.clone(),
"Missing or invalid 'port' parameter".to_string(),
);
}
// Run the blocking port check on the blocking thread pool
match tokio::task::spawn_blocking(move || port_scan::is_local_port_free(port)).await {
Ok(Ok(free)) => IpcResponse::success(req.id.clone(), json!({ "free": free })),
Ok(Err(e)) => IpcResponse::error(req.id.clone(), e),
Err(e) => IpcResponse::error(req.id.clone(), format!("Task join error: {e}")),
}
}
async fn handle_default_gateway(req: &IpcRequest) -> IpcResponse {
match tokio::task::spawn_blocking(gateway::get_default_gateway).await {
Ok(Ok(info)) => {
let addresses: Vec<serde_json::Value> = info
.addresses
.iter()
.map(|a| {
json!({
"family": a.family,
"address": a.address,
})
})
.collect();
IpcResponse::success(
req.id.clone(),
json!({
"interfaceName": info.interface_name,
"addresses": addresses,
}),
)
}
Ok(Err(e)) => IpcResponse::error(req.id.clone(), e),
Err(e) => IpcResponse::error(req.id.clone(), format!("Task join error: {e}")),
}
}

101
rust/crates/rustnetwork/src/ping.rs Normal file
View File

@@ -0,0 +1,101 @@
use std::net::IpAddr;
use std::time::{Duration, Instant};
use surge_ping::{Client, Config, PingIdentifier, PingSequence, ICMP};
use tokio::time::timeout;
#[derive(Debug)]
pub struct PingResult {
pub alive: bool,
pub times: Vec<f64>,
pub min: f64,
pub max: f64,
pub avg: f64,
pub stddev: f64,
pub packet_loss: f64,
}
pub async fn ping(host: &str, count: u32, timeout_ms: u64) -> Result<PingResult, String> {
let addr: IpAddr = resolve_host(host).await?;
let timeout_dur = Duration::from_millis(timeout_ms);
let config = match addr {
IpAddr::V4(_) => Config::default(),
IpAddr::V6(_) => Config::builder().kind(ICMP::V6).build(),
};
let client = Client::new(&config).map_err(|e| format!("Failed to create ping client: {e}"))?;
let mut pinger = client.pinger(addr, PingIdentifier(rand_u16())).await;
let mut times: Vec<f64> = Vec::with_capacity(count as usize);
let mut alive_count: u32 = 0;
for seq in 0..count {
let payload = vec![0u8; 56];
let start = Instant::now();
match timeout(timeout_dur, pinger.ping(PingSequence(seq as u16), &payload)).await {
Ok(Ok((_packet, rtt))) => {
let ms = rtt.as_secs_f64() * 1000.0;
times.push(ms);
alive_count += 1;
}
Ok(Err(_)) => {
times.push(f64::NAN);
}
Err(_) => {
// timeout
let _ = start; // suppress unused warning
times.push(f64::NAN);
}
}
}
let valid: Vec<f64> = times.iter().copied().filter(|t| !t.is_nan()).collect();
let min = valid.iter().copied().fold(f64::INFINITY, f64::min);
let max = valid.iter().copied().fold(f64::NEG_INFINITY, f64::max);
let avg = if valid.is_empty() {
f64::NAN
} else {
valid.iter().sum::<f64>() / valid.len() as f64
};
let stddev = if valid.is_empty() {
f64::NAN
} else {
let variance = valid.iter().map(|v| (v - avg).powi(2)).sum::<f64>() / valid.len() as f64;
variance.sqrt()
};
let packet_loss = ((count - alive_count) as f64 / count as f64) * 100.0;
Ok(PingResult {
alive: alive_count > 0,
times,
min: if min.is_infinite() { f64::NAN } else { min },
max: if max.is_infinite() { f64::NAN } else { max },
avg,
stddev,
packet_loss,
})
}
async fn resolve_host(host: &str) -> Result<IpAddr, String> {
// Try parsing as IP first
if let Ok(addr) = host.parse::<IpAddr>() {
return Ok(addr);
}
// DNS resolution
let addrs = tokio::net::lookup_host(format!("{host}:0"))
.await
.map_err(|e| format!("DNS resolution failed for {host}: {e}"))?;
for addr in addrs {
return Ok(addr.ip());
}
Err(format!("No addresses found for {host}"))
}
fn rand_u16() -> u16 {
// Simple random using current time
let now = std::time::SystemTime::now()
.duration_since(std::time::UNIX_EPOCH)
.unwrap_or_default();
(now.subsec_nanos() % 65536) as u16
}

100
rust/crates/rustnetwork/src/port_scan.rs Normal file
View File

@@ -0,0 +1,100 @@
use std::net::SocketAddr;
use std::time::{Duration, Instant};
use tokio::net::TcpStream;
use tokio::time::timeout;
use socket2::{Domain, Protocol, Socket, Type};
/// Check if a remote TCP port is open
pub async fn tcp_port_check(
host: &str,
port: u16,
timeout_ms: u64,
) -> Result<(bool, Option<f64>), String> {
let timeout_dur = Duration::from_millis(timeout_ms);
// Resolve host — treat DNS failure as "not open"
let addr_str = format!("{host}:{port}");
let addrs: Vec<SocketAddr> = match tokio::net::lookup_host(&addr_str).await {
Ok(iter) => iter.collect(),
Err(_) => return Ok((false, None)),
};
if addrs.is_empty() {
return Ok((false, None));
}
// Try each resolved address
for addr in &addrs {
let start = Instant::now();
match timeout(timeout_dur, TcpStream::connect(addr)).await {
Ok(Ok(_stream)) => {
let latency = start.elapsed().as_secs_f64() * 1000.0;
return Ok((true, Some(latency)));
}
Ok(Err(_)) => continue,
Err(_) => continue,
}
}
Ok((false, None))
}
/// Check if a local port is free (both IPv4 and IPv6)
pub fn is_local_port_free(port: u16) -> Result<bool, String> {
// Check IPv4
let ipv4_free = check_bind_ipv4(port)?;
if !ipv4_free {
return Ok(false);
}
// Check IPv6
let ipv6_free = check_bind_ipv6(port)?;
Ok(ipv6_free)
}
fn check_bind_ipv4(port: u16) -> Result<bool, String> {
let socket = Socket::new(Domain::IPV4, Type::STREAM, Some(Protocol::TCP))
.map_err(|e| format!("Failed to create IPv4 socket: {e}"))?;
socket
.set_reuse_address(true)
.map_err(|e| format!("Failed to set SO_REUSEADDR: {e}"))?;
let addr: SocketAddr = format!("0.0.0.0:{port}")
.parse()
.map_err(|e| format!("Invalid address: {e}"))?;
match socket.bind(&addr.into()) {
Ok(()) => {
// Try to listen to fully test availability
match socket.listen(1) {
Ok(()) => Ok(true),
Err(_) => Ok(false),
}
}
Err(_) => Ok(false),
}
}
fn check_bind_ipv6(port: u16) -> Result<bool, String> {
let socket = Socket::new(Domain::IPV6, Type::STREAM, Some(Protocol::TCP))
.map_err(|e| format!("Failed to create IPv6 socket: {e}"))?;
socket
.set_reuse_address(true)
.map_err(|e| format!("Failed to set SO_REUSEADDR: {e}"))?;
// Set IPV6_ONLY to avoid dual-stack interference
socket
.set_only_v6(true)
.map_err(|e| format!("Failed to set IPV6_V6ONLY: {e}"))?;
let addr: SocketAddr = format!("[::]:{port}")
.parse()
.map_err(|e| format!("Invalid address: {e}"))?;
match socket.bind(&addr.into()) {
Ok(()) => match socket.listen(1) {
Ok(()) => Ok(true),
Err(_) => Ok(false),
},
Err(_) => Ok(false),
}
}

308
rust/crates/rustnetwork/src/traceroute.rs Normal file
View File

@@ -0,0 +1,308 @@
use socket2::{Domain, Protocol, Socket, Type};
use std::io;
use std::mem::MaybeUninit;
use std::net::{IpAddr, SocketAddr};
use std::time::{Duration, Instant};
#[derive(Debug)]
pub struct TracerouteHop {
pub ttl: u8,
pub ip: Option<String>,
pub rtt: Option<f64>,
}
pub async fn traceroute(
host: &str,
max_hops: u8,
timeout_ms: u64,
) -> Result<Vec<TracerouteHop>, String> {
let dest: IpAddr = resolve_host(host).await?;
let timeout_dur = Duration::from_millis(timeout_ms);
// Run blocking raw-socket traceroute on the blocking thread pool
tokio::task::spawn_blocking(move || traceroute_blocking(dest, max_hops, timeout_dur))
.await
.map_err(|e| format!("Task join error: {e}"))?
}
fn traceroute_blocking(
dest: IpAddr,
max_hops: u8,
timeout: Duration,
) -> Result<Vec<TracerouteHop>, String> {
let mut hops = Vec::new();
for ttl in 1..=max_hops {
match send_probe(dest, ttl, timeout) {
Ok((ip, rtt)) => {
let reached = ip.as_ref().map(|a| a == &dest.to_string()).unwrap_or(false);
hops.push(TracerouteHop {
ttl,
ip,
rtt: Some(rtt),
});
if reached {
break;
}
}
Err(ProbeError::Timeout) => {
hops.push(TracerouteHop {
ttl,
ip: None,
rtt: None,
});
}
Err(ProbeError::Other(e)) => {
hops.push(TracerouteHop {
ttl,
ip: None,
rtt: None,
});
// Log but continue
eprintln!("Probe error at TTL {ttl}: {e}");
}
}
}
Ok(hops)
}
enum ProbeError {
Timeout,
Other(String),
}
fn send_probe(dest: IpAddr, ttl: u8, timeout: Duration) -> Result<(Option<String>, f64), ProbeError> {
let (domain, proto) = match dest {
IpAddr::V4(_) => (Domain::IPV4, Protocol::ICMPV4),
IpAddr::V6(_) => (Domain::IPV6, Protocol::ICMPV6),
};
let sock = Socket::new(domain, Type::RAW, Some(proto))
.map_err(|e| ProbeError::Other(format!("Socket creation failed: {e}")))?;
sock.set_ttl(ttl as u32)
.map_err(|e| ProbeError::Other(format!("Failed to set TTL: {e}")))?;
sock.set_read_timeout(Some(timeout))
.map_err(|e| ProbeError::Other(format!("Failed to set timeout: {e}")))?;
let dest_addr = match dest {
IpAddr::V4(v4) => SocketAddr::new(IpAddr::V4(v4), 0),
IpAddr::V6(v6) => SocketAddr::new(IpAddr::V6(v6), 0),
};
// Build ICMP Echo Request packet
let ident = (std::process::id() as u16) ^ (ttl as u16);
let seq = ttl as u16;
let packet = match dest {
IpAddr::V4(_) => build_icmpv4_echo_request(ident, seq),
IpAddr::V6(_) => build_icmpv6_echo_request(ident, seq),
};
let start = Instant::now();
sock.send_to(&packet, &dest_addr.into())
.map_err(|e| ProbeError::Other(format!("Send failed: {e}")))?;
// Wait for response using MaybeUninit buffer as required by socket2
let mut buf_uninit = [MaybeUninit::<u8>::uninit(); 512];
loop {
match sock.recv_from(&mut buf_uninit) {
Ok((n, from_addr)) => {
let elapsed = start.elapsed().as_secs_f64() * 1000.0;
// Safety: recv_from initialized the first n bytes
let buf: &[u8] = unsafe {
std::slice::from_raw_parts(buf_uninit.as_ptr() as *const u8, n)
};
let from_ip = match from_addr.as_socket() {
Some(sa) => sa.ip().to_string(),
None => "unknown".to_string(),
};
// Check if this response is for our probe
match dest {
IpAddr::V4(_) => {
if is_relevant_icmpv4_response(buf, ident, seq) {
return Ok((Some(from_ip), elapsed));
}
}
IpAddr::V6(_) => {
if is_relevant_icmpv6_response(buf, ident, seq) {
return Ok((Some(from_ip), elapsed));
}
}
}
// Check if we've exceeded timeout
if start.elapsed() >= timeout {
return Err(ProbeError::Timeout);
}
}
Err(ref e) if e.kind() == io::ErrorKind::WouldBlock || e.kind() == io::ErrorKind::TimedOut => {
return Err(ProbeError::Timeout);
}
Err(e) => {
return Err(ProbeError::Other(format!("Recv error: {e}")));
}
}
}
}
/// Check if an ICMPv4 response is relevant to our probe.
/// It could be Echo Reply (type 0) or Time Exceeded (type 11).
fn is_relevant_icmpv4_response(buf: &[u8], ident: u16, seq: u16) -> bool {
// IPv4 header is at least 20 bytes, then ICMP follows
if buf.len() < 20 {
return false;
}
let ip_header_len = ((buf[0] & 0x0f) as usize) * 4;
if buf.len() < ip_header_len + 8 {
return false;
}
let icmp = &buf[ip_header_len..];
let icmp_type = icmp[0];
match icmp_type {
0 => {
// Echo Reply: check ident and seq
if icmp.len() < 8 {
return false;
}
let reply_ident = u16::from_be_bytes([icmp[4], icmp[5]]);
let reply_seq = u16::from_be_bytes([icmp[6], icmp[7]]);
reply_ident == ident && reply_seq == seq
}
11 => {
// Time Exceeded: the original IP packet + first 8 bytes of original ICMP are in payload
// icmp[0]=type, [1]=code, [2-3]=checksum, [4-7]=unused, [8+]=original IP header+8 bytes
if icmp.len() < 36 {
// 8 (outer ICMP header) + 20 (inner IP header) + 8 (inner ICMP header)
return false;
}
let inner_ip = &icmp[8..];
let inner_ip_header_len = ((inner_ip[0] & 0x0f) as usize) * 4;
if icmp.len() < 8 + inner_ip_header_len + 8 {
return false;
}
let inner_icmp = &inner_ip[inner_ip_header_len..];
// Check inner ICMP echo request ident and seq
if inner_icmp[0] != 8 {
// Not echo request
return false;
}
let inner_ident = u16::from_be_bytes([inner_icmp[4], inner_icmp[5]]);
let inner_seq = u16::from_be_bytes([inner_icmp[6], inner_icmp[7]]);
inner_ident == ident && inner_seq == seq
}
_ => false,
}
}
/// Check if an ICMPv6 response is relevant to our probe
fn is_relevant_icmpv6_response(buf: &[u8], ident: u16, seq: u16) -> bool {
// ICMPv6: no IP header in raw socket recv (kernel strips it)
if buf.len() < 8 {
return false;
}
let icmp_type = buf[0];
match icmp_type {
129 => {
// Echo Reply
let reply_ident = u16::from_be_bytes([buf[4], buf[5]]);
let reply_seq = u16::from_be_bytes([buf[6], buf[7]]);
reply_ident == ident && reply_seq == seq
}
3 => {
// Time Exceeded: payload contains original IPv6 header + first bytes of original ICMPv6
if buf.len() < 56 {
// 8 (outer ICMPv6) + 40 (inner IPv6 header) + 8 (inner ICMPv6)
return false;
}
let inner_icmp = &buf[48..]; // 8 + 40
if inner_icmp[0] != 128 {
// Not echo request
return false;
}
let inner_ident = u16::from_be_bytes([inner_icmp[4], inner_icmp[5]]);
let inner_seq = u16::from_be_bytes([inner_icmp[6], inner_icmp[7]]);
inner_ident == ident && inner_seq == seq
}
_ => false,
}
}
/// Build an ICMPv4 Echo Request packet
fn build_icmpv4_echo_request(ident: u16, seq: u16) -> Vec<u8> {
let mut pkt = vec![0u8; 64]; // 8 header + 56 payload
pkt[0] = 8; // Type: Echo Request
pkt[1] = 0; // Code
// Checksum placeholder [2,3]
pkt[4] = (ident >> 8) as u8;
pkt[5] = (ident & 0xff) as u8;
pkt[6] = (seq >> 8) as u8;
pkt[7] = (seq & 0xff) as u8;
// Fill payload with pattern
for i in 8..64 {
pkt[i] = (i as u8) & 0xff;
}
// Calculate checksum
let cksum = icmp_checksum(&pkt);
pkt[2] = (cksum >> 8) as u8;
pkt[3] = (cksum & 0xff) as u8;
pkt
}
/// Build an ICMPv6 Echo Request packet
fn build_icmpv6_echo_request(ident: u16, seq: u16) -> Vec<u8> {
let mut pkt = vec![0u8; 64];
pkt[0] = 128; // Type: Echo Request
pkt[1] = 0; // Code
// Checksum [2,3] - kernel calculates for ICMPv6
pkt[4] = (ident >> 8) as u8;
pkt[5] = (ident & 0xff) as u8;
pkt[6] = (seq >> 8) as u8;
pkt[7] = (seq & 0xff) as u8;
for i in 8..64 {
pkt[i] = (i as u8) & 0xff;
}
// Note: ICMPv6 checksum is computed by the kernel when using raw sockets on Linux
pkt
}
/// Calculate ICMP checksum
fn icmp_checksum(data: &[u8]) -> u16 {
let mut sum: u32 = 0;
let mut i = 0;
while i + 1 < data.len() {
sum += u16::from_be_bytes([data[i], data[i + 1]]) as u32;
i += 2;
}
if i < data.len() {
sum += (data[i] as u32) << 8;
}
while sum >> 16 != 0 {
sum = (sum & 0xffff) + (sum >> 16);
}
!sum as u16
}
async fn resolve_host(host: &str) -> Result<IpAddr, String> {
if let Ok(addr) = host.parse::<IpAddr>() {
return Ok(addr);
}
let addrs = tokio::net::lookup_host(format!("{host}:0"))
.await
.map_err(|e| format!("DNS resolution failed for {host}: {e}"))?;
for addr in addrs {
return Ok(addr.ip());
}
Err(format!("No addresses found for {host}"))
}