From 9821aabf0b50d2487b07502d3d2cd89e7d62bdbe Mon Sep 17 00:00:00 2001
From: murilo ijanc
Date: Tue, 24 Mar 2026 15:04:03 -0300
Subject: Initial commit NAT-aware Kademlia DHT library for peer-to-peer networks. Features: - Distributed key-value storage (iterative FIND_NODE, FIND_VALUE, STORE) - NAT traversal via DTUN hole-punching and proxy relay - Reliable Datagram Protocol (RDP) with 7-state connection machine - Datagram transport with automatic fragmentation/reassembly - Ed25519 packet authentication - 256-bit node IDs (Ed25519 public keys) - Rate limiting, ban list, and eclipse attack mitigation - Persistence and metrics - OpenBSD and Linux support
---
 src/config.rs | 139 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 139 insertions(+)
 create mode 100644 src/config.rs
(limited to 'src/config.rs')
diff --git a/src/config.rs b/src/config.rs
new file mode 100644
index 0000000..b2aaf02
--- /dev/null
+++ b/src/config.rs
@@ -0,0 +1,139 @@
+//! Node configuration.
+//!
+//! All tunable parameters in one place. Passed to
+//! `Tessera::bind_with_config()`.
+
+use std::time::Duration;
+
+/// Configuration for a Tessera node.
+#[derive(Debug, Clone)]
+pub struct Config {
+ /// Maximum entries per k-bucket (default: 20).
+ pub bucket_size: usize,
+
+ /// Number of closest nodes returned in lookups
+ /// (default: 10).
+ pub num_find_node: usize,
+
+ /// Maximum parallel queries per lookup (default: 6).
+ pub max_query: usize,
+
+ /// Single RPC query timeout (default: 3s).
+ pub query_timeout: Duration,
+
+ /// Maximum iterative query duration (default: 30s).
+ pub max_query_duration: Duration,
+
+ /// Data restore interval (default: 120s).
+ pub restore_interval: Duration,
+
+ /// Bucket refresh interval (default: 60s).
+ pub refresh_interval: Duration,
+
+ /// Maintain (mask_bit exploration) interval
+ /// (default: 120s).
+ pub maintain_interval: Duration,
+
+ /// Default value TTL in seconds (default: 300).
+ /// Max 65535 (~18 hours). For longer TTLs, use
+ /// periodic republish.
+ pub default_ttl: u16,
+
+ /// Maximum value size in bytes (default: 65536).
+ pub max_value_size: usize,
+
+ /// Rate limiter: messages per second per IP
+ /// (default: 50).
+ pub rate_limit: f64,
+
+ /// Rate limiter: burst capacity (default: 100).
+ pub rate_burst: u32,
+
+ /// Maximum nodes per /24 subnet (default: 2).
+ pub max_per_subnet: usize,
+
+ /// Enable DTUN (NAT traversal) (default: true).
+ pub enable_dtun: bool,
+
+ /// Require Ed25519 signature on all packets
+ /// (default: true). Set to false only for testing.
+ pub require_signatures: bool,
+
+ /// Ban threshold: failures before banning a peer
+ /// (default: 3).
+ pub ban_threshold: u32,
+
+ /// Ban duration in seconds (default: 10800 = 3h).
+ pub ban_duration_secs: u64,
+
+ /// Node activity check interval (default: 120s).
+ /// Proactively pings routing table peers to detect
+ /// failures early.
+ pub activity_check_interval: Duration,
+
+ /// Store retry interval (default: 30s). How often
+ /// to sweep for timed-out stores and retry them.
+ pub store_retry_interval: Duration,
+}
+
+impl Default for Config {
+ fn default() -> Self {
+ Self {
+ bucket_size: 20,
+ num_find_node: 10,
+ max_query: 6,
+ query_timeout: Duration::from_secs(3),
+ max_query_duration: Duration::from_secs(30),
+ restore_interval: Duration::from_secs(120),
+ refresh_interval: Duration::from_secs(60),
+ maintain_interval: Duration::from_secs(120),
+ default_ttl: 300,
+ max_value_size: 65536,
+ rate_limit: 50.0,
+ rate_burst: 100,
+ max_per_subnet: 2,
+ enable_dtun: true,
+ require_signatures: true,
+ ban_threshold: 3,
+ ban_duration_secs: 10800,
+ activity_check_interval: Duration::from_secs(120),
+ store_retry_interval: Duration::from_secs(30),
+ }
+ }
+}
+
+impl Config {
+ /// Create a config tuned for a pastebin.
+ ///
+ /// Higher TTL (24h), larger max value (1 MB),
+ /// HMAC enabled.
+ pub fn pastebin() -> Self {
+ Self {
+ default_ttl: 65535, // ~18h, use republish for longer
+ max_value_size: 1_048_576,
+ require_signatures: true,
+ ..Default::default()
+ }
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+
+ #[test]
+ fn default_values() {
+ let c = Config::default();
+ assert_eq!(c.bucket_size, 20);
+ assert_eq!(c.default_ttl, 300);
+ assert!(c.require_signatures);
+ }
+
+ #[test]
+ fn pastebin_preset() {
+ let c = Config::pastebin();
+ assert_eq!(c.default_ttl, 65535);
+ assert_eq!(c.max_value_size, 1_048_576);
+ assert!(c.require_signatures);
+ }
+}
-- cgit v1.2.3
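Review bot: The doc comment on `Config::pastebin()` disagrees with the values the function sets: it promises a 24h TTL and "HMAC enabled", while the body sets `default_ttl: 65535` (about 18 hours, per the inline comment and the `default_ttl` field doc) and `require_signatures: true`, which the field doc describes as Ed25519 signatures, not an HMAC. Someone picking this preset from the docs would misjudge both how long values are retained and which authentication scheme protects packets, so I would change the two lines to `/// Maximum TTL (65535 s, ~18h), larger max value (1 MB),` and `/// Ed25519 packet signatures required.` Separately, all fields are `pub` and this file performs no range checks, so a caller can set `require_signatures: false`, a zero `bucket_size` or `max_per_subnet`, or a negative or NaN `rate_limit`; whether `Tessera::bind_with_config()` rejects those is not visible in this patch, and a `Config::validate()` that it calls would make the limits explicit.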