Module capsules_extra::net::network_capabilities
source · Expand description
Capabilities for specifying capsule access to network resources
A network capability specifies (1) with what IP addresses the holder of the capability may communicate, (2) from which UDP ports the holder may send, and (3) to which UDP ports the holder may send. In order to express various ranges of IP addresses, one uses the AddrRange enum. One specifies ranges of ports using the PortRange enum.
Capsules must obtain static references to network capabilities from trusted code (i.e. code that must use the unsafe keyword) since the constructor of a network capability requires the NetworkCapabilityCreationCapability capability. Code that checks these capabilities must possess the appropriate visibilty privileges. UDP visibility privileges are given through the UdpVisibilityCapability capability and IP visibility privileges are given through the IpVisibilityCapability capability.
An example of the visibility capabilities can be found in udp_port_table.rs. When attempting to bind to a port, we must first verify that the caller of bind has a capability to send from that port. Therefore, we check the network capability of the caller. In order to check the UDP-specific aspect of the network capability, the port table must posses a UdpVisibilityCapability reference.
Structs§
- The NetworkCapability specifies access to network resourcess across the UDP and IP layers. Access to layer-specific information is mediated by the UdpVsibilityCapability and the IpVisibilityCapability.
- The UdpVisibilityCapability and IpVisibilityCapability has an empty private field to make it so the only way to create these structs is via a call to
newwhich requires a NetworkCapabilityCreationCapability.