Lib.rs

Network programminggday
#peer-connection #tcp-connection #file-transfer #server #hole #networking #nat

gday_hole_punch

Securely connect to a peer using TCP hole-punching

by manforowicz

4 releases (2 breaking)

0.3.0 Dec 2, 2024
0.2.1 Jul 12, 2024
0.2.0 Jul 8, 2024
0.1.1 Jun 7, 2024

#1720 in Network programming

Download history 20/week @ 2024-09-16 14/week @ 2024-09-23 4/week @ 2024-09-30 1/week @ 2024-10-14 157/week @ 2024-12-02

157 downloads per month
Used in gday

MIT license

61KB
874 lines

gday_hole_punch

Crates.io Version docs.rs

Lets peers behind NAT (network address translation) try to establish a direct authenticated TCP connection. Uses TCP hole punching and a helper gday_server to do this.

See the documentation.

Used by

  • gday - Command line tool for sending files.

Depends on

lib.rs:

Lets 2 peers, possibly behind NAT (network address translation), try to establish a direct authenticated TCP connection. Uses TCP hole punching and a helper gday_server to do this. This library is used by gday, a command line tool for sending files.

Example

#
let timeout = std::time::Duration::from_secs(5);

//////// Peer 1 ////////

// Connect to a random server in the default server list
let (mut server_connection, server_id) = server_connector::connect_to_random_server(
    server_connector::DEFAULT_SERVERS,
    timeout,
).await?;

// PeerCode useful for giving rendezvous info to peer,
// over an existing channel like email.
let peer_code = PeerCode {
    server_id,
    room_code: "roomcode".to_string(),
    shared_secret: "shared_secret".to_string()
};
let code_to_share = String::try_from(&peer_code)?;

// Create a room in the server, and get my contact from it
let (my_contact, peer_contact_future) = share_contacts(
    &mut server_connection,
    peer_code.room_code.as_bytes(),
    true,
).await?;

// Wait for the server to send the peer's contact
let peer_contact = peer_contact_future.await?;

// Use TCP hole-punching to connect to the peer,
// verify their identity with the shared_secret,
// and get a cryptographically-secure shared key
let (tcp_stream, strong_key) = try_connect_to_peer(
    my_contact.local,
    peer_contact,
    peer_code.shared_secret.as_bytes(),
).await?;

//////// Peer 2 (on a different computer) ////////

// Get the peer_code that Peer 1 sent, for example
// over email.
let peer_code = PeerCode::from_str(&code_to_share)?;

// Connect to the same server as Peer 1
let mut server_connection = server_connector::connect_to_server_id(
    server_connector::DEFAULT_SERVERS,
    peer_code.server_id,
    timeout,
).await?;

// Join the same room in the server, and get my local contact
let (my_contact, peer_contact_future) = share_contacts(
    &mut server_connection,
    peer_code.room_code.as_bytes(),
    false,
).await?;

let peer_contact = peer_contact_future.await?;

let (tcp_stream, strong_key) = try_connect_to_peer(
    my_contact.local,
    peer_contact,
    peer_code.shared_secret.as_bytes(),
).await?;

Dependencies

~13–24MB
~428K SLoC