Commit Graph

41 Commits

Author SHA1 Message Date
Red Bear OS 596e73a92e bridge: 5 unit tests for FDB learn/age/lookup
Bridge MAC learning tests:
- learn_stores_unicast_mapping: stored MAC resolves on correct port
- learn_ignores_multicast: broadcast/multicast never enters FDB
- learn_replaces_existing_entry_on_new_port: MAC moves update port
- age_entries_removes_expired_macs: 300s timeout respected
- lookup_returns_none_for_unknown_mac: unknown MAC returns None

Total tests across netstack: 20 (5 table + 4 conntrack + 6 nat + 5 bridge)
All passing.
2026-07-08 21:20:32 +03:00
Red Bear OS d2e6ea1ba9 nat: add 6 unit tests for IP rewrite + table management
Tests cover:
- rewrite_src_ipv4: source IP changes, dst unchanged
- rewrite_dst_ipv4: destination IP changes, src unchanged
- rewrite_short_packet_returns_false: <20 bytes returns false
- rewrite_recomputes_checksum: checksum updates after rewrite
- nat_table_add_assigns_unique_ids: each rule gets unique ID
- nat_ephemeral_port_allocates_unique: ports are unique across calls

Total tests across filter module: 15 (5 table + 4 conntrack + 6 nat)
All passing.
2026-07-08 21:16:50 +03:00
Red Bear OS aa6bf0f2ea conntrack: per-protocol rate limits + fix ICMP type offset bug + tests
CRITICAL BUG FIX: is_echo_request() and track_icmp() were reading
ctx.packet[0] thinking it was the ICMP type byte. But ctx.packet is
the IP packet, so offset 0 is the IP version/IHL byte (0x45 for IPv4).

Result: ICMP echo detection NEVER matched Type 8 packets.
- ICMP rate limiting (R32) was a no-op — wrong byte read
- ICMP echo tracking in track_icmp() was checking IP version vs 8/128

Fixed: read ICMP type from offset  for IPv4, or offset 40 for IPv6.

ALSO: separate TCP SYN and ICMP echo rate limit maps.
Previously both shared one BTreeMap, so a host doing 100 TCP SYNs
+ 1 ICMP echo would be over-limit. Now each has its own budget.

NEW TESTS (4 conntrack + 5 filter table = 9 total, all passing):
- syn_limit_triggers_after_threshold
- icmp_limit_triggers_after_threshold
- syn_and_icmp_have_independent_budgets
- non_syn_tcp_does_not_count_against_syn_limit

These tests caught the ICMP type bug — failed before fix, pass after.
2026-07-08 19:57:19 +03:00
Red Bear OS 1a3e12b60a summary: include filter chain counters via chain_summary()
netcfg/summary now threads the FilterTable through and calls
chain_summary() — surface per-chain packet/byte/policy counters.

Output now includes:
  filter chains:
  input: pkts=12 bytes=5678 policy=ACCEPT
  output: pkts=0 bytes=0 policy=ACCEPT
  forward: pkts=0 bytes=0 policy=ACCEPT
  prerouting: pkts=0 bytes=0 policy=ACCEPT
  postrouting: pkts=0 bytes=0 policy=ACCEPT

NetCfgScheme::new gains filter_table: Rc<RefCell<FilterTable>> param.
Smolnetd passes the existing filter_table Rc.

All 5 unit tests still pass — refactor preserves behavior.
2026-07-08 19:50:55 +03:00
Red Bear OS 579a512545 filter: add unit tests + chain_summary method
5 new unit tests in filter::table::tests:
- drop_rule_actually_drops (R33 bug regression test)
- accept_rule_actually_accepts (R33 bug regression test)
- rule_matching_other_hook_does_not_apply (hook isolation)
- default_policy_applied_when_no_rules (fallback)
- reset_counters_clears_metrics_keeps_rules (R34 method coverage)

All 5 tests pass — proves the critical verdict bug from R33
is fixed and reset_counters from R34 works correctly.

Also adds FilterTable::chain_summary() returning:
  'input: pkts=12 bytes=5678 policy=ACCEPT' (per-chain line)
for use by future netcfg summary extension.
2026-07-08 19:47:47 +03:00
Red Bear OS ecc0ef33de netfilter: add counters/reset path — preserves rules
Previously '/reset' replaced the entire FilterTable (destructive).
Added '/counters/reset' that clears:
- chain_counters (per-chain packets/bytes)
- rule.match_count (per-rule match counts)
WITHOUT removing rules or resetting policies.

FilterTable gains reset_counters() method.

Usage:
  echo > /scheme/netfilter/reset           # wipe everything
  echo > /scheme/netfilter/counters/reset  # clear metrics only

Mirrors Linux 'iptables -Z' (zero counters) vs full flush.
2026-07-08 19:41:05 +03:00
Red Bear OS 48cb44cb3e filter: critical bug fix — evaluate() was ignoring all rule verdicts!
FilterTable::evaluate() set final_verdict for matched rules but never
returned it — always returned the chain's default_policy instead.
This meant every firewall rule (ACCEPT/DROP/REJECT/LOG) was being
evaluated (correctly) but its verdict was DISCARDED.

Symptoms:
- 'DROP' rules had no effect — packets flowed through
- 'ACCEPT' rules had no effect — packets flowed through
- Only default_policy was ever applied

Fix: return final_verdict.unwrap_or(default_policy).

Now 'iptables-style' rules actually take effect:
- DROP rules block traffic
- ACCEPT rules allow traffic (before default)
- REJECT rules send ICMP unreachable
- LOG rules log and continue

This bug was introduced when the filter evaluation logic was
refactored and the return statement was left pointing at the
default policy instead of the verdict from the rule loop.

Confirmed via cargo build; warning 'value assigned to final_verdict
is never read' is now gone.
2026-07-08 19:36:50 +03:00
Red Bear OS 93f026f292 conntrack: ICMP echo rate limiting (ping flood protection)
Conntrack now rate-limits ICMP/ICMPv6 echo requests per source:
- is_echo_request() detects Type 8 (ICMPv4) / Type 128 (ICMPv6)
- check_icmp_limit() enforces 20 echoes/sec per source IP
- Over-limit returns ConnState::OverLimit, increments over_limit_count

Mirrors existing SYN flood protection (100 SYN/sec per source).
Smaller threshold (20/sec) because ICMP is cheaper to generate.

Reuses same rate_limits map — TCP SYNs and ICMP echoes share the
budget. Side effect: 100 SYN + 20 echo = 120 packets/sec from one
source before any trigger, which is reasonable.
2026-07-08 19:25:07 +03:00
Red Bear OS 1036881f03 netcfg: add summary node — at-a-glance network state
/scheme/netcfg/summary outputs:
  interfaces: eth0=up lo=up
  routes: 4
  sockets: 7 (tcp=3 udp=4 icmp=0 raw=0)
  ip_forward: 1
  eth0 stats: rx=1234/16 tx=5678/12 err=0/0 drop=0/2

Single read aggregates:
- Link state of eth0 and loopback
- Total route count
- Per-protocol socket counts (TCP/UDP/ICMP/Raw)
- ip_forward toggle state
- Full MIB-II stats for eth0

Useful for at-a-glance monitoring without reading 6+ separate nodes.
2026-07-08 19:16:46 +03:00
Red Bear OS 19199096c5 promiscuous: per-interface toggle via netcfg (ip link set promisc)
LinkDevice trait gains is_promiscuous() and set_promiscuous().
EthernetLink stores promiscuous flag (default: false).
Receive path bypasses MAC check when promiscuous enabled —
captures all frames regardless of destination MAC.

netcfg/ifaces/eth0/promiscuous rw:
  cat /scheme/netcfg/ifaces/eth0/promiscuous  →  'off' or 'on'
  echo on  > .../promiscuous  →  enable promiscuous mode
  echo off > .../promiscuous  →  disable

Accepts: on/off/1/0/yes/no/true/false.

Mirrors Linux 'ip link set dev promisc on/off'.
Required for packet capture tools that need to see all traffic.
2026-07-08 19:03:53 +03:00
Red Bear OS c899b42d36 arp: static ARP entry add/delete via netcfg (ip neigh add/del)
LinkDevice trait gains:
- add_static_neighbor(ip, mac) → Result<(), String>
- remove_neighbor(ip) → bool (true if removed)

EthernetLink implements both with permanent entries (expires_at = i64::MAX/2).

netcfg/ifaces/eth0/arp/ is now:
  list      → read (existing)
  stats     → read (existing)
  flush     → write (existing)
  add       → write  NEW
  del       → write  NEW

Usage:
  echo '192.168.1.1 00:11:22:33:44:55' > /scheme/netcfg/ifaces/eth0/arp/add
  echo '192.168.1.1' > /scheme/netcfg/ifaces/eth0/arp/del
  echo '10.0.0.0/24 gateway-01 11:22:33:44:55:66' > /scheme/netcfg/ifaces/eth0/arp/add

Mirrors Linux 'ip neigh add' / 'ip neigh del'.
MAC format accepts both colon (00:11:22:33:44:55) and dash (00-11-22-33-44-55).
Unicast MAC validation rejects broadcast/multicast addresses.
2026-07-08 18:49:40 +03:00
Red Bear OS 1fad3ab869 route: add /scheme/netcfg/route/gateway read-only node
Reads the default gateway from the route table:
  cat /scheme/netcfg/route/gateway
  →  'default via 192.168.1.1\n'
or 'no default route\n' if no default gateway configured.

Looks up the route for 0.0.0.0 (the default route CIDR) and
returns its 'via' address. Mirrors Linux 'ip route show default'.
2026-07-08 18:44:55 +03:00
Red Bear OS 649ba27669 stats: track rx_errors (malformed ARP/frame) + tx_errors (network write fail)
All 4 RFC 1213 counters now wired to real events:
- rx_errors: malformed Ethernet frame or ARP packet
- tx_errors: network_file.write_all() failed
- rx_dropped: ARP/NDP neighbor resolution failed or queue full
- tx_dropped: qdisc returned None (rate-limit kicked in)

Stats output now reflects actual error/drop conditions.
Mirrors Linux's ifconfig/sar 'errors' and 'dropped' fields.
2026-07-08 18:42:57 +03:00
Red Bear OS 22d05e5f89 stats: actually track rx_dropped on neighbor-resolution failures
The new rx_dropped counter is now incremented in real drop paths:
- drop_waiting_packets_v4: ARP/NDP failed after MAX_TRIES, packets dropped
- drop_waiting_packets_v6: same for IPv6 neighbor discovery
- handle_missing_neighbor: waiting queue full, incoming packet dropped

Net effect: stats now reflect actual packet loss conditions visible
via /scheme/netcfg/ifaces/eth0/stats:
  rx_dropped=N  (was always 0 before)

tx_dropped was already incremented by qdisc drops (R24).
2026-07-08 18:39:28 +03:00
Red Bear OS 82d8a049cc stats: add rx_errors, tx_errors, rx_dropped, tx_dropped counters
Stats struct gains 4 new u64 fields per RFC 1213 (MIB-II):
- rx_errors: incoming packets with errors
- tx_errors: outgoing packets with errors
- rx_dropped: incoming packets dropped (buffer full, etc.)
- tx_dropped: outgoing packets dropped (qdisc dropped, buffer full)

EthernetLink tx path now increments tx_dropped when qdisc returns None
(qdisc decided to drop the packet, e.g., TokenBucket rate exceeded).

netcfg stats output now exposes all 8 counters:
  rx_bytes=N rx_packets=N tx_bytes=N tx_packets=N
  rx_errors=N tx_errors=N rx_dropped=N tx_dropped=N
  mtu=N link=up

Aggregate fields work for bridge/bond via existing sum logic.
2026-07-08 18:35:22 +03:00
Red Bear OS f3c18f410c qdisc: configure traffic shaping type via netcfg
LinkDevice trait gains set_qdisc(kind) — Result<(), String>.
EthernetLink supports three kinds:
  'none' / unset → QdiscConfig::None
  'token_bucket' / 'tbf' → 1 Mbps rate, 1500 byte burst
  'priority_queue' / 'pfifo_fast' → 1000 packet max

netcfg/ifaces/eth0/qdisc becomes rw:
  cat /scheme/netcfg/ifaces/eth0/qdisc    # current config
  echo token_bucket  > .../qdisc
  echo priority_queue > .../qdisc
  echo none > .../qdisc  (default)

Mirrors Linux 'tc qdisc add/replace' for basic shaping.
TokenBucket rate/burst defaults applied on creation;
set via tb.set_rate() / tb.set_burst() (already in qdisc.rs).
2026-07-08 18:26:47 +03:00
Red Bear OS 9bab466704 netcfg: interface enable/disable control (ip link set eth0 down/up)
LinkDevice trait gains is_enabled() and set_enabled() with defaults.
EthernetLink stores enabled flag (default: true). When disabled,
link_state() reports 'down' regardless of hardware_address presence.

netcfg/ifaces/eth0/enabled is rw:
  cat /scheme/netcfg/ifaces/eth0/enabled  →  'up' or 'down'
  echo up   > .../enabled  →  bring interface up
  echo down > .../enabled  →  bring interface down
  echo on/off/1/0/yes/no  →  also accepted

Mirrors Linux 'ip link set dev <state>'.

Pre-existing link state (hardware_address Some/None) unchanged;
the enabled flag adds a software override layer that can be
toggled without restarting the netstack.
2026-07-08 18:24:02 +03:00
Red Bear OS 89083a25f9 netcfg: UDP socket listing + routes/count node
- UDP sockets now enumerated in /scheme/netcfg/sockets/list:
    udp: local=0.0.0.0:53
    udp: local=127.0.0.1:8080
- New RouteTable::len() method + /scheme/netcfg/route/count:
    cat /scheme/netcfg/route/count  →  'routes: 4'

Complete connections view now covers TCP + UDP listening sockets,
plus route count summary for at-a-glance monitoring.
2026-07-08 18:19:42 +03:00
Red Bear OS 0725f81144 sockets: per-TCP-connection listing via netcfg
netcfg/sockets/list now enumerates each active TCP socket with:
- State (Established, Listen, SynSent, etc.)
- Local endpoint (e.g., 127.0.0.1:8080)
- Remote endpoint (e.g., 192.168.1.5:51234) or '-' if not connected

Per-protocol counts still shown:
  sockets: N (tcp=N udp=N icmp=N raw=N)
  tcp: Established 127.0.0.1:22 -> 10.0.0.5:54321
  tcp: Listen 0.0.0.0:80 -> -
  tcp: SynSent 192.168.1.1:1025 -> 8.8.8.8:53
  ...

Mirrors Linux 'ss -t' output format.
Uses smoltcp Socket enum pattern matching (was previously blocked
because Socket didn't expose type-check methods).
2026-07-08 18:16:05 +03:00
Red Bear OS c015a375b1 mtu: per-interface MTU configuration via netcfg
LinkDevice trait gains set_mtu(mtu) with default no-op.
EthernetLink stores mtu in field, clamped to 576-9000 (RFC 791 min/max).

netcfg/ifaces/eth0/mtu becomes rw:
  cat /scheme/netcfg/ifaces/eth0/mtu  →  '1500' (default)
  echo 1400 > .../mtu  →  VPN MTU
  echo 9000 > .../mtu  →  jumbo frames

Clamped to [576, 9000]:
- 576: minimum for IPv4 (RFC 791)
- 9000: standard jumbo frame MTU

Useful for VPNs (MTU 1400 to avoid fragmentation through tunnel overhead),
jumbo frames (MTU 9000 on datacenter networks), and constrained paths.
2026-07-08 17:57:16 +03:00
Red Bear OS c1cfee3bea qdisc: expose traffic shaping info via netcfg and LinkDevice trait
LinkDevice gains qdisc_info() → String defaulting to 'none'.
EthernetLink reports current qdisc configuration:
  none  /  token_bucket rate=N burst=N tokens=N  /  priority_queue len=N max=N

TokenBucket and PriorityQueue gain public accessor methods:
  rate(), burst(), tokens() / max_len()

netcfg exposes at /scheme/netcfg/ifaces/eth0/qdisc:
  cat /scheme/netcfg/ifaces/eth0/qdisc  →  'none' (default)

Enables monitoring tools to discover current traffic shaping.
Future: wo node for configuring qdisc type + parameters.
2026-07-08 17:50:31 +03:00
Red Bear OS 7abd45bf2e netfilter: add /scheme/netfilter/stats node
Exposes per-chain filter statistics:
  input: packets=0 bytes=0 policy=ACCEPT
  output: packets=0 bytes=0 policy=ACCEPT
  forward: packets=1423 bytes=456789 policy=DROP
  prerouting: packets=0 bytes=0 policy=ACCEPT
  postrouting: packets=0 bytes=0 policy=ACCEPT
  rules: 5 active (snat=3 dnat=2)
  conntrack: 127

Mirrors iptables -L -n -v output format.
Per-chain (packets, bytes) from FilterTable::chain_counters.
Rule breakdown shows active count + snat/dnat split.
Conntrack entry count from live table.
2026-07-08 17:20:24 +03:00
Red Bear OS 98c43529e7 cleanup: fix unused variable + unnecessary mut warnings (7 total)
- router/mod.rs: 4x |mut b| → |b| (&mut [u8] is already mutable)
- scheme/icmp.rs: handle_recvmsg stub params → _file, _how, _flags
- scheme/ip.rs: handle_recvmsg stub params → _file, _how, _flags
- scheme/socket.rs: get_sock_opt default + msg_send ctx → _ prefixed
- scheme/tun.rs: loop name → _name
2026-07-08 16:38:48 +03:00
Red Bear OS e185e03d88 observer: add BPF-style filter + output path capture
Capture filter supports tcpdump-like expressions:
  echo tcp          > /scheme/netcfg/capture/filter
  echo udp port 53  > /scheme/netcfg/capture/filter
  echo icmp         > /scheme/netcfg/capture/filter
  echo tcp port 80  > /scheme/netcfg/capture/filter
  cat /scheme/netcfg/capture/filter  →  reads current filter

Filter matches IP header protocol field + TCP/UDP port fields.
Parses IPv4 and IPv6 headers. Non-IP packets captured always.

Output path capture: dispatch() now captures packets going
to devices (outbound locally-generated traffic).

Full capture coverage: input (forward_packets) + output (dispatch).
2026-07-08 16:30:13 +03:00
Red Bear OS c1eb0b3db0 observer: wire into forwarding/output paths for live capture
Router now captures packets flowing through the network stack:
- forward_packets(): capture all forwarded/local-delivered packets
- Observer injected via Router::new() from Smolnetd constructor

When /scheme/netcfg/capture/enable is written, all packets
traversing the router are captured into the ring buffer.
When disabled, zero overhead (AtomicBool check).
2026-07-08 16:25:50 +03:00
Red Bear OS ff66b96266 observer: packet capture facility (tcpdump-like) via netcfg
Adds packet observer with ring buffer (256 packets default):
- Observer::capture(packet) hooks into forwarding/output paths
- AtomicBool enable/disable toggle (no capture overhead when off)
- capture/count: live stats (total captured, buffered, enabled)
- capture/read: drain hex dump of buffered packets
- capture/enable|disable: toggle capture on/off

Usage:
  echo > /scheme/netcfg/capture/enable    # start capture
  cat /scheme/netcfg/capture/read         # dump captured packets (hex)
  cat /scheme/netcfg/capture/count        # stats
  echo > /scheme/netcfg/capture/disable   # stop

Mirrors Linux AF_PACKET + tcpdump facility.
2026-07-08 16:12:15 +03:00
Red Bear OS 998593f243 stats: add statistics() to bridge, bond, and tun devices
Bridge: statistics() aggregates rx/tx bytes+packets from all member ports.
arp_stats() delegates to each port, showing per-port breakdown.

Bond: statistics() aggregates from all slaves (active+standby).
arp_stats() delegates to each slave.

TUN: statistics() now returns live counters tracked during send()/recv().
rx_bytes, rx_packets, tx_bytes, tx_packets increment per-packet.

Previously these devices returned Stats::default() (all zeros).
Now netcfg /ifaces/*/stats shows real data for bridge, bond, tun.
2026-07-08 16:00:26 +03:00
Red Bear OS 5cfbe23b5c cleanup: fix unreachable pattern warnings in TCP/UDP socket options
TCP and UDP get_sock_opt/set_sock_opt had duplicate match arms
due to constant collisions (Linux-level values share namespace):

  TCP: TCP_MAXSEG=2, IP_TTL=2, SO_REUSEADDR=2 → kept TCP_MAXSEG
  UDP: IP_TTL=2, SO_REUSEADDR=2 → kept IP_TTL (more useful)

Removed unreachable arms with explanatory comments. The
collision is inherent — Linux uses different option levels
(SOL_SOCKET vs IPPROTO_TCP vs IPPROTO_IP) but Redox scheme
has a flat namespace. Applications that use multi-level
getsockopt() would need richer level dispatching.
2026-07-08 15:43:42 +03:00
Red Bear OS 27f8e351e6 arp: add statistics counters and netcfg exposure
EthernetLink gains per-interface ARP counters:
- arp_requests: ARP requests sent (incremented in send_arp)
- arp_replies: ARP replies received (incremented on cache insert)
- arp_cache_hits: successful neighbor cache lookups
- arp_cache_misses: cache misses (vacant or expired entries)

LinkDevice trait gains arp_stats() → String method.
EthernetLink implementation: 'requests=N replies=N hits=N misses=N entries=N'

netcfg exposes at /scheme/netcfg/ifaces/eth0/arp/stats:
  echo /scheme/netcfg/ifaces/eth0/arp/stats
  → requests=5 replies=3 hits=142 misses=8 entries=4

Existing arp/list (MAC→IP) and arp/flush (clear) are unchanged.
Useful for monitoring ARP churn, detecting ARP storms, and debugging
neighbor discovery issues.
2026-07-08 15:38:49 +03:00
Red Bear OS ba5a7cd3fc sysctl: add /scheme/netcfg/sysctl tree with ip_forward toggle
Router gains Rc<Cell<bool>> ip_forward flag (default: true).
When false, forward_packets() returns immediately — no packets forwarded
between interfaces. Security best practice for non-router hosts.

netcfg scheme gains sysctl subtree:
  /scheme/netcfg/sysctl/net/ipv4/ip_forward  (rw: 0 or 1)

Read:  echo /scheme/netcfg/sysctl/net/ipv4/ip_forward  →  1
Write: echo 0 > /scheme/netcfg/sysctl/net/ipv4/ip_forward  (disable)
Restore: echo 1 > /scheme/netcfg/sysctl/net/ipv4/ip_forward

Mirrors Linux /proc/sys/net/ipv4/ip_forward.
Shared via Rc<Cell<bool>> between Router and NetCfgScheme.
2026-07-08 15:20:21 +03:00
Red Bear OS 25d6decc85 route: add route types — blackhole, unreachable, prohibit
RouteTable Rule gains route_type: RouteType field:
- Unicast (default): normal forwarding
- Blackhole: silently drop, no ICMP error
- Unreachable: drop + send ICMP Destination Unreachable
- Prohibit: drop + send ICMP Administratively Prohibited

Route type checked in all forwarding/outbound paths:
- Forward path (IPv4): blackhole/unreachable/prohibit drop + error
- Output path (IPv4): blackhole/unreachable/prohibit drop + error
- Output path (IPv6): blackhole/unreachable/prohibit drop

Usage: Rule::with_type(cidr, via, dev, src, RouteType::Blackhole)
Existing Rule::new() creates Unicast routes (backward compatible).

Display: blackhole/unreachable/prohibit prefixed in route list output.
Mirrors Linux iproute2 'ip route add blackhole 10.0.0.0/8'.
2026-07-08 15:02:40 +03:00
Red Bear OS 107e3b6851 stp: enforce blocking on unicast send + enhanced stats display
BridgeDevice STP hardening:
- send(): check STP blocking before unicast forwarding (host-originated)
- recv(): check STP blocking before unicast forwarding (switched frames)
- Previously only flood() checked STP; unicast forwarding bypassed it.
  A blocked port must never forward any traffic — STP semantics now correct.

netcfg stats enhancement:
- Per-interface stats now include mtu= and link= fields alongside counters
- Applies to both eth0 and loopback
- Enables bandwidth monitoring tools to self-discover MTU/link state
2026-07-08 14:53:08 +03:00
Red Bear OS 0baceb0ef6 tcp: extend TcpInfo with send/recv queue, congestion window, MSS
TCP_INFO socket option now returns real-time connection metrics:
- tcpi_snd_queuelen: bytes queued for transmission
- tcpi_rcv_queuelen: bytes waiting in receive buffer
- tcpi_snd_cwnd: send capacity (congestion window proxy)
- tcpi_rcv_wnd: receive capacity (advertised window proxy)
- tcpi_snd_mss: maximum segment size (1460 for Ethernet)
- tcpi_state, tcpi_rto preserved from prior version

Struct layout: #[repr(C)] 28 bytes, compatible with Linux TCP_INFO consumers.
2026-07-08 14:30:05 +03:00
Red Bear OS e05315fc38 udp: socket option completeness — SO_REUSEADDR, SO_BROADCAST, IP_TTL
- UDP port allocation now falls back to claim_port_reuse() (SO_REUSEADDR)
- SO_REUSEADDR get/set added to both UDP and TCP schemes
- SO_BROADCAST getter added to UDP (always returns 1)
- IP_TTL getter/setter added to UDP (get/set hop_limit)
- TCP: SO_REUSEADDR get/set added for API completeness
- All new options return known values for application compatibility
2026-07-08 13:57:00 +03:00
Red Bear OS 2b278390ee tun: wire TUN scheme into event loop + SLAAC RS/RA protocol
TUN integration:
- Smolnetd gains tun_scheme: TunScheme field and tun_file parameter
- on_tun_scheme_event() handler added (scheme event → poll)
- main.rs: EventSource::TunScheme, subscription, dispatch
- TUN devices can now receive and transmit packets through the netstack

SLAAC (RFC 4862):
- build_router_solicitation(): ICMPv6 Type 133 with source LL address option
- parse_router_advertisement(): ICMPv6 Type 134 with Prefix Information
  option extraction (on-link, autonomous, lifetimes)
- Slacd state machine: Idle → Solicited → Configured
  tick() drives RS retransmit (3 retries, 5s timeout)
  process_ra() extracts autonomous /64 prefixes
- ParsedRa, RaPrefix public structs for integration with IPv6 stack

Reference: Linux 7.1 ndisc_send_rs() / ndisc_router_discovery() /
addrconf_prefix_rcv()
2026-07-08 13:47:04 +03:00
Red Bear OS 30db94c970 stp: integrate 802.1D Spanning Tree Protocol into BridgeDevice
Adds loop prevention to Ethernet bridges:
- BridgeDevice gains stp: Option<StpState> field
- enable_stp(priority, mac) method initializes STP per-bridge
- BPDU frames (dst 01:80:c2:00:00:00) intercepted in recv(),
  processed locally, never forwarded
- STP hello timer sends periodic BPDUs on all ports (root bridge)
- flood() skips STP-blocked ports
- build_bpdu() made public for bridge integration
- stp module declared in link/mod.rs

The recv() flow now: age MACs → check STP hello timer →
poll ports → detect BPDU (absorb) → normal frame (learn + forward).

Reference: Linux 7.1 net/bridge/br_stp.c, br_stp_bpdu.c, br_stp_timer.c
2026-07-08 13:38:38 +03:00
Red Bear OS bb3e36e4e0 restore: networking stack files from reflog (Phases 1-6)
Recovered from reflog commits 1c80937e and d0ecc067 after force-push data loss.
Includes: filter/, icmp_error.rs, slaac.rs, bond.rs, bridge.rs, gre.rs, ipip.rs,
qdisc.rs, tun.rs, vlan.rs, vxlan.rs, netfilter.rs, tun.rs, conntrack.rs, nat.rs,
rule.rs, table.rs, redbear-ufw/, dhcpv6d/, netdiag/ — 39 files total.
2026-07-08 13:27:49 +03:00
Red Bear OS 4506bfe02a stp: add IEEE 802.1D Spanning Tree Protocol for bridge loop prevention 2026-07-08 13:26:39 +03:00
Red Bear OS cb1c326645 netcfg: add sockets/list node for active connection count 2026-07-08 09:42:03 +03:00
Red Bear OS e653ef10d6 base: revert oneshot_async service types, fix local fork deps, migrate remote to RedBear-OS
- Revert initfs/rootfs service types from oneshot_async to blocking
  Scheme/Notify/Oneshot to fix init ordering races.
- Add /scheme/pci retry loop in pcid-spawner.
- Bump redox_event to 0.4.8; use local paths for redox-ioctl and redox-rt.
- Regenerate Cargo.lock / bootstrap/Cargo.lock with only local forks.
- Update submodule origin from redbear-os-base.git to RedBear-OS.git
  branch submodule/base per single-repo policy.
2026-07-05 22:25:00 +03:00
Red Bear OS dd08b76a39 Red Bear OS base baseline from 0.1.0 pre-patched archive 2026-06-27 09:21:43 +03:00