netaudit (#30)

* netaudit

* vcpkg manifest

* no vcpkg openssl + add netaudit ratelimit

* Cargo.lock

.github/manifest/vcpkg-configuration.json

@@ -0,0 +1,8 @@
+{
+  "default-registry": {
+    "kind": "git",
+    "baseline": "9760ce6194ef51aa4faf77b6321e1280daa4545c",
+    "repository": "https://github.com/microsoft/vcpkg"
+  },
+  "registries": []
+}

.github/manifest/vcpkg.json

@@ -0,0 +1,9 @@
+{
+  "dependencies": [
+    {
+      "name": "libsodium",
+      "version>=": "1.0.20"
+    }
+  ],
+  "builtin-baseline": "9760ce6194ef51aa4faf77b6321e1280daa4545c"
+}

.github/workflows/test.yml

@@ -38,9 +38,9 @@ jobs:
         uses: johnwason/vcpkg-action@v6
         id: vcpkg
         with:
-          pkgs: libsodium
           triplet: x64-windows-release
           token: ${{ github.token }}
+          manifest-dir: ${{ github.workspace }}/.github/manifest
           github-binarycache: true
 
       - name: Cargo Test Windows

Cargo.toml

@@ -14,12 +14,12 @@ panic = "abort"
 
 [workspace.dependencies]
 # workspace member deps
-sbd-bench = { version = "0.0.4-alpha", path = "rust/sbd-bench" }
-sbd-client = { version = "0.0.4-alpha", path = "rust/sbd-client" }
-sbd-e2e-crypto-client = { version = "0.0.4-alpha", path = "rust/sbd-e2e-crypto-client" }
-sbd-o-bahn-client-tester = { version = "0.0.4-alpha", path = "rust/sbd-o-bahn-client-tester" }
-sbd-o-bahn-server-tester = { version = "0.0.4-alpha", path = "rust/sbd-o-bahn-server-tester" }
-sbd-server = { version = "0.0.4-alpha", path = "rust/sbd-server" }
+sbd-bench = { version = "0.0.5-alpha", path = "rust/sbd-bench" }
+sbd-client = { version = "0.0.5-alpha", path = "rust/sbd-client" }
+sbd-e2e-crypto-client = { version = "0.0.5-alpha", path = "rust/sbd-e2e-crypto-client" }
+sbd-o-bahn-client-tester = { version = "0.0.5-alpha", path = "rust/sbd-o-bahn-client-tester" }
+sbd-o-bahn-server-tester = { version = "0.0.5-alpha", path = "rust/sbd-o-bahn-server-tester" }
+sbd-server = { version = "0.0.5-alpha", path = "rust/sbd-server" }
 # crate deps
 anstyle = "1.0.6"
 base64 = "0.22.0"
@@ -45,6 +45,7 @@ tempfile = "3.10.1"
 tokio = { version = "1.37.0", default-features = false }
 tokio-rustls = "0.25.0"
 tokio-tungstenite = { version = "0.21.0", default-features = false }
+tracing = "0.1.40"
 webpki-roots = "0.26.1"
 
 #[patch.crates-io]

rust/sbd-bench/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "sbd-bench"
-version = "0.0.4-alpha"
+version = "0.0.5-alpha"
 edition = "2021"
 
 [dependencies]

rust/sbd-client/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "sbd-client"
-version = "0.0.4-alpha"
+version = "0.0.5-alpha"
 description = "simple websocket-based message relay client"
 license = "MIT OR Apache-2.0"
 repository = "https://github.com/holochain/sbd"
@@ -18,7 +18,7 @@ rustls-native-certs = { workspace = true }
 tokio = { workspace = true, default-features = false, features = [ "io-util", "net", "sync", "time", "rt" ] }
 tokio-rustls = { workspace = true }
 tokio-tungstenite = { workspace = true, default-features = false, features = [ "connect", "__rustls-tls" ] }
-
+tracing = { workspace = true }
 
 # optional
 ed25519-dalek = { workspace = true, features = [ "rand_core" ], optional = true }
@@ -31,10 +31,10 @@ webpki-roots = { workspace = true }
 [dev-dependencies]
 escargot = { workspace = true, features = [ "print" ] }
 hex = { workspace = true }
-tokio = { workspace = true, features = [ "full" ] }
 # don't use workspace, because that has a version
 # use path only so we can cargo publish without circular dep problems
 sbd-server = { path = "../sbd-server" }
+tokio = { workspace = true, features = [ "full" ] }
 
 [features]
 default = [ "crypto" ]

rust/sbd-client/src/lib.rs

@@ -276,6 +276,7 @@ impl SbdClient {
             .await?;
 
         let send_buf = send_buf::SendBuf::new(
+            full_url.clone(),
             send,
             config.out_buffer_size,
             (limit_byte_nanos as f64 * 1.1) as u64,

rust/sbd-client/src/send_buf.rs

@@ -3,6 +3,7 @@ use super::*;
 use std::collections::VecDeque;
 
 pub struct SendBuf {
+    pub full_url: String,
     pub ws: raw_client::WsRawSend,
     pub buf: VecDeque<Vec<u8>>,
     pub out_buffer_size: usize,
@@ -16,13 +17,24 @@ pub struct SendBuf {
 impl SendBuf {
     /// construct a new send buf
     pub fn new(
+        full_url: String,
         ws: raw_client::WsRawSend,
         out_buffer_size: usize,
         limit_rate: u64,
         idle_keepalive: std::time::Duration,
         pre_sent_bytes: usize,
     ) -> Self {
+        let kbps = (8_000_000.0 / limit_rate as f64) as u64;
+        tracing::debug!(
+            target: "NETAUDIT",
+            full_url,
+            kbps,
+            m = "sbd-client",
+            a = "initial_rate_limit",
+        );
+
         let mut this = Self {
+            full_url,
             ws,
             buf: VecDeque::default(),
             out_buffer_size,
@@ -59,6 +71,16 @@ impl SendBuf {
                 + (MAX_MSG_SIZE as u64 * self.limit_rate);
         }
         self.limit_rate = limit;
+        let kbps = (8_000_000.0 / limit as f64) as u64;
+        let next_send_s = self.next_send_at as f64 / 1_000_000_000.0;
+        tracing::debug!(
+            target: "NETAUDIT",
+            full_url = self.full_url,
+            kbps,
+            next_send_s,
+            m = "sbd-client",
+            a = "new_rate_limit",
+        );
     }
 
     /// If we need to wait before taking the next step, this

rust/sbd-e2e-crypto-client/Cargo.toml

@@ -7,13 +7,14 @@ documentation = "https://docs.rs/sbd-e2e-crypto-client"
 authors = ["Holochain Core Dev Team <[email protected]>"]
 keywords = ["holochain", "holo", "p2p", "networking"]
 categories = ["network-programming"]
-version = "0.0.4-alpha"
+version = "0.0.5-alpha"
 edition = "2021"
 
 [dependencies]
 sbd-client = { workspace = true }
 sodoken = { workspace = true }
 tokio = { workspace = true }
+tracing = { workspace = true }
 
 [dev-dependencies]
 sbd-server = { workspace = true }

rust/sbd-e2e-crypto-client/src/lib.rs

@@ -66,16 +66,25 @@ struct Inner {
     map: HashMap<PubKey, Conn>,
 }
 
+fn do_close_peer(pk: &PubKey, conn: &mut Conn, cooldown: std::time::Duration) {
+    tracing::debug!(
+        target: "NETAUDIT",
+        pub_key = ?pk,
+        cooldown_s = cooldown.as_secs_f64(),
+        m = "sbd-e2e-crypto-client",
+        a = "close_peer",
+    );
+    *conn = Conn::Cooldown(tokio::time::Instant::now() + cooldown);
+}
+
 impl Inner {
     pub async fn close(&mut self) {
         self.client.close().await;
     }
 
-    pub async fn close_peer(&mut self, pk: &PubKey) {
+    pub fn close_peer(&mut self, pk: &PubKey) {
         if let Some(conn) = self.map.get_mut(pk) {
-            *conn = Conn::Cooldown(
-                tokio::time::Instant::now() + self.config.cooldown,
-            );
+            do_close_peer(pk, conn, self.config.cooldown);
         }
     }
 
@@ -103,9 +112,7 @@ impl Inner {
                 }
                 .await
                 {
-                    *conn = Conn::Cooldown(
-                        tokio::time::Instant::now() + config.cooldown,
-                    );
+                    do_close_peer(pk, conn, config.cooldown);
                     Err(err)
                 } else {
                     Ok(())
@@ -143,10 +150,7 @@ impl Inner {
 
                         match dec.decrypt(msg.message()) {
                             Err(_) => {
-                                *conn = Conn::Cooldown(
-                                    tokio::time::Instant::now()
-                                        + config.cooldown,
-                                );
+                                do_close_peer(&pk, conn, config.cooldown);
                                 Ok(None)
                             }
                             Ok(None) => Ok(None),
@@ -182,9 +186,7 @@ impl Inner {
                 }
                 .await
                 {
-                    *conn = Conn::Cooldown(
-                        tokio::time::Instant::now() + config.cooldown,
-                    );
+                    do_close_peer(pk, conn, config.cooldown);
                     Err(err)
                 } else {
                     Ok(())
@@ -196,12 +198,10 @@ impl Inner {
     fn prune(config: &Config, map: &mut HashMap<PubKey, Conn>) {
         let now = tokio::time::Instant::now();
 
-        map.retain(|_, c| {
+        map.retain(|pk, c| {
             if let Conn::Active { last_active, .. } = c {
                 if now - *last_active > config.max_idle {
-                    *c = Conn::Cooldown(
-                        tokio::time::Instant::now() + config.cooldown,
-                    );
+                    do_close_peer(pk, c, config.cooldown);
                 }
             }
 
@@ -240,8 +240,20 @@ impl Inner {
                     return Err(Error::other("ignore"));
                 }
                 if len >= config.max_connections {
+                    tracing::debug!(
+                        target: "NETAUDIT",
+                        pub_key = ?pk,
+                        m = "sbd-e2e-crypto-client",
+                        "cannot open: too many connections",
+                    );
                     return Err(Error::other("too many connections"));
                 }
+                tracing::debug!(
+                    target: "NETAUDIT",
+                    pub_key = ?pk,
+                    m = "sbd-e2e-crypto-client",
+                    a = "open_peer",
+                );
                 let (enc, hdr, dec) = crypto.new_enc(pk)?;
                 Ok((
                     e.insert(Conn::Active {
@@ -375,7 +387,7 @@ impl SbdClientCrypto {
     /// Close a connection to a specific peer.
     pub async fn close_peer(&self, pk: &PubKey) {
         if let Some(inner) = self.inner.lock().await.as_mut() {
-            inner.close_peer(pk).await;
+            inner.close_peer(pk);
         }
     }
 

rust/sbd-o-bahn-client-tester/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "sbd-o-bahn-client-tester"
-version = "0.0.4-alpha"
+version = "0.0.5-alpha"
 description = "simple websocket-based message relay client tester"
 license = "MIT OR Apache-2.0"
 repository = "https://github.com/holochain/sbd"

rust/sbd-o-bahn-server-tester/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "sbd-o-bahn-server-tester"
-version = "0.0.4-alpha"
+version = "0.0.5-alpha"
 description = "simple websocket-based message relay server tester"
 license = "MIT OR Apache-2.0"
 repository = "https://github.com/holochain/sbd"