Release v0.26.0

Cargo.toml

@@ -10,19 +10,21 @@ members = [
 ]
 
 [workspace.package]
-version = "0.25.0"
+version = "0.26.0"
 edition = "2024"
 authors = ["shellrow <shellrow@foctal.com>"]
 
 [workspace.dependencies]
-nex-core = { version = "0.25.0", path = "nex-core" }
-nex-datalink = { version = "0.25.0", path = "nex-datalink" }
-nex-packet = { version = "0.25.0", path = "nex-packet" }
-nex-sys = { version = "0.25.0", path = "nex-sys" }
-nex-socket = { version = "0.25.0", path = "nex-socket" }
+nex-core = { version = "0.26.0", path = "nex-core" }
+nex-datalink = { version = "0.26.0", path = "nex-datalink" }
+nex-packet = { version = "0.26.0", path = "nex-packet" }
+nex-sys = { version = "0.26.0", path = "nex-sys" }
+nex-socket = { version = "0.26.0", path = "nex-socket" }
 serde = { version = "1" }
 libc = "0.2"
-netdev = { version = "0.40" }
+netdev = { version = "0.41.0" }
+mac-addr = { version = "0.3.0" }
+ipnet = { version = "2.12" }
 bytes = "1"
 tokio = { version = "1" }
 rand = "0.8"

examples/tcp_socket.rs

@@ -6,6 +6,7 @@ use nex_socket::tcp::TcpSocket;
 use std::env;
 use std::io::{Read, Write};
 use std::net::{IpAddr, SocketAddr};
+use std::time::Duration;
 
 fn main() -> std::io::Result<()> {
     let ip: IpAddr = env::args().nth(1).expect("IP").parse().expect("ip");
@@ -20,8 +21,7 @@ fn main() -> std::io::Result<()> {
         SocketAddr::V4(_) => TcpSocket::v4_stream()?,
         SocketAddr::V6(_) => TcpSocket::v6_stream()?,
     };
-    socket.connect(addr)?;
-    let mut stream = socket.to_tcp_stream()?;
+    let mut stream = socket.connect_timeout(addr, Duration::from_secs(5))?;
 
     let req = format!("GET / HTTP/1.1\r\nHost: {}\r\n\r\n", ip);
     stream.write_all(req.as_bytes())?;

fuzz/.gitignore

@@ -0,0 +1,4 @@
+artifacts/
+corpus/
+coverage/
+target/

fuzz/Cargo.toml

@@ -0,0 +1,50 @@
+[package]
+name = "nex-fuzz"
+version = "0.0.0"
+publish = false
+edition = "2024"
+
+[workspace]
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+libfuzzer-sys = "0.4"
+nex-packet = { path = "../nex-packet" }
+bytes = "1"
+
+[[bin]]
+name = "frame_parse"
+path = "fuzz_targets/frame_parse.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "ipv4_parse"
+path = "fuzz_targets/ipv4_parse.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "ipv6_parse"
+path = "fuzz_targets/ipv6_parse.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "tcp_options"
+path = "fuzz_targets/tcp_options.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "dns_name"
+path = "fuzz_targets/dns_name.rs"
+test = false
+doc = false
+bench = false

fuzz/README.md

@@ -0,0 +1,15 @@
+# Fuzz Targets
+
+This directory contains minimal `cargo-fuzz` targets for malformed-input hardening.
+
+Examples:
+
+```bash
+cargo +nightly fuzz run frame_parse
+cargo +nightly fuzz run ipv4_parse
+cargo +nightly fuzz run ipv6_parse
+cargo +nightly fuzz run tcp_options
+cargo +nightly fuzz run dns_name
+```
+
+Targets focus on parser totality and malformed-input robustness. Panics and unbounded traversal are considered bugs.

fuzz/fuzz_targets/dns_name.rs

@@ -0,0 +1,9 @@
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+use nex_packet::dns::DnsName;
+
+fuzz_target!(|data: &[u8]| {
+    let _ = DnsName::from_bytes(data);
+    let _ = DnsName::try_from_bytes(data);
+});

fuzz/fuzz_targets/frame_parse.rs

@@ -0,0 +1,11 @@
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+use nex_packet::frame::{Frame, FrameView, ParseOption};
+
+fuzz_target!(|data: &[u8]| {
+    let _ = Frame::from_buf(data, ParseOption::default());
+    let _ = Frame::try_from_buf(data, ParseOption::default());
+    let _ = Frame::try_from_buf_strict(data, ParseOption::default());
+    let _ = FrameView::from_buf(data, ParseOption::default());
+});

fuzz/fuzz_targets/ipv4_parse.rs

@@ -0,0 +1,11 @@
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+use nex_packet::packet::Packet;
+use nex_packet::ipv4::Ipv4Packet;
+
+fuzz_target!(|data: &[u8]| {
+    let _ = Ipv4Packet::from_buf(data);
+    let _ = Ipv4Packet::try_from_buf(data);
+    let _ = Ipv4Packet::try_from_buf_strict(data);
+});

fuzz/fuzz_targets/ipv6_parse.rs

@@ -0,0 +1,11 @@
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+use nex_packet::packet::Packet;
+use nex_packet::ipv6::Ipv6Packet;
+
+fuzz_target!(|data: &[u8]| {
+    let _ = Ipv6Packet::from_buf(data);
+    let _ = Ipv6Packet::try_from_buf(data);
+    let _ = Ipv6Packet::try_from_buf_strict(data);
+});

fuzz/fuzz_targets/tcp_options.rs

@@ -0,0 +1,12 @@
+#![no_main]
+
+use bytes::Bytes;
+use libfuzzer_sys::fuzz_target;
+use nex_packet::packet::Packet;
+use nex_packet::tcp::TcpPacket;
+
+fuzz_target!(|data: &[u8]| {
+    let _ = TcpPacket::from_buf(data);
+    let _ = TcpPacket::try_from_buf(data);
+    let _ = TcpPacket::try_from_bytes(Bytes::copy_from_slice(data));
+});

nex-core/Cargo.toml

@@ -12,7 +12,13 @@ license = "MIT"
 
 [dependencies]
 netdev = { workspace = true }
+mac-addr = { workspace = true }
+ipnet = { workspace = true }
+libc = { workspace = true }
+nex-sys = { workspace = true }
 serde = { workspace = true, features = ["derive"], optional = true }
 
 [features]
-serde = ["dep:serde", "netdev/serde"]
+default = ["gateway"]
+gateway = ["netdev/gateway"]
+serde = ["dep:serde", "mac-addr/serde", "ipnet/serde", "netdev/serde"]