Note
Aggregate is very much a hobby-project and has rough edges, use it at your own risk!
A Secure TCP Client & Server Framework
- Asynchronous through tokio
- Encryption and decryption done via magic-crypt seamlessly for all data
- Zlib compression and decompression done via flate2 seamlessly for all data
- Automatic buffering for all packets that exceed 40kb in total size
- SOCKS5 Proxy Client connection support
- Automatic packet length header to treat TCP as a packet-based protocol (like UDP)
- Documented and easy-to-read codebase
Packets are processed in several steps:
Headers:
- u32: Magic - For basic integrity checks
- u8: Packet Type - For determining the packet type, used with automatic buffering
- u128: Packet Signature - For coupling together buffering packets, this is the unix timestamp and will be the same for all chunks in the same packet
- u32: Packet Length - Ensuring the receiver reads the correct length; this is the length of the processed packet data
Data:
- Compress packet data
- Encrypt compressed data
After all steps have been processed in order, the packet is sent.
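The header layout listed above, as an added sketch that is not Aggregate's own code: it encodes the four fields and validates them on receipt before any body is read. The field order follows the list; big-endian encoding, the `MAGIC` value, the `MAX_BODY` cap and all type and function names are assumptions made for illustration.

```rust
// Added illustration, not Aggregate's code. Assumed: fields in the listed
// order, big-endian encoding, and the MAGIC / MAX_BODY values below.
const MAGIC: u32 = 0xA66E_0001; // constructed sample value
const MAX_BODY: u32 = 40 * 1024; // hypothetical receiver-side cap on one chunk
const HEADER_LEN: usize = 4 + 1 + 16 + 4; // u32 + u8 + u128 + u32 = 25 bytes

#[derive(Debug, PartialEq)]
struct Header { packet_type: u8, signature: u128, length: u32 }

#[derive(Debug, PartialEq)]
enum HeaderError { Truncated, BadMagic, TooLong }

// Copy a slice of exactly N bytes into a fixed-size array.
fn arr<const N: usize>(s: &[u8]) -> [u8; N] {
    let mut a = [0u8; N];
    a.copy_from_slice(s);
    a
}

fn encode_header(h: &Header) -> [u8; HEADER_LEN] {
    let mut out = [0u8; HEADER_LEN];
    out[0..4].copy_from_slice(&MAGIC.to_be_bytes());
    out[4] = h.packet_type;
    out[5..21].copy_from_slice(&h.signature.to_be_bytes());
    out[21..25].copy_from_slice(&h.length.to_be_bytes());
    out
}

// Validate before allocating: check the magic first, then bound the length
// the peer claims, so the receiver never sizes a buffer from an unchecked u32.
fn parse_header(buf: &[u8]) -> Result<Header, HeaderError> {
    if buf.len() < HEADER_LEN { return Err(HeaderError::Truncated); }
    if u32::from_be_bytes(arr(&buf[0..4])) != MAGIC { return Err(HeaderError::BadMagic); }
    let length = u32::from_be_bytes(arr(&buf[21..25]));
    if length > MAX_BODY { return Err(HeaderError::TooLong); }
    Ok(Header { packet_type: buf[4], signature: u128::from_be_bytes(arr(&buf[5..21])), length })
}

fn main() {
    // Constructed sample: type 0, a unix-timestamp-like signature, 512-byte body.
    let h = Header { packet_type: 0, signature: 1_700_000_000, length: 512 };
    println!("{:?}", parse_header(&encode_header(&h)));
}
```

The length field describes the processed (compressed, then encrypted) data, so the cap applies to bytes on the wire, not to the decompressed size.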
Aggregate offers some security through:
- A magic header value; if it doesn't match on both the client and server, the packet won't be processed
- Encryption and compression; a custom encryption key is required
- Server: Authorization checks
Important
Aggregate's server by default doesn't trust any AGClientData instance when it comes to sending packets.
The client may send packets, but unless you call authorize_client(aggregate_server_instance) on the AGClientData instance, the server won't send any packets to that client.
The only exception to this rule is if you call a send_packet* function and set the allow_unauthorized parameter to true, which is not recommended for constant usage.
Instead, you are supposed to send an authorization packet yourself and process data properly, not blindly trust everyone.