Skip to content
/ rustguard Public

A high-performance, userspace WireGuard implementation in Rust. Features GSO/GRO offloading, batch I/O, and a thread-per-core architecture for maximum throughput.

2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

rich7420/rustguard

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
docs
docs
 
 
rustguard-cli
rustguard-cli
 
 
rustguard-core
rustguard-core
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
Cargo.toml
Cargo.toml
 
 
README.md
README.md
 
 
SPECIFICATION.md
SPECIFICATION.md
 
 

Repository files navigation

RustGuard

A high-performance WireGuard implementation in Rust, designed for production deployment.

Overview

RustGuard is a next-generation userspace WireGuard implementation designed for extreme performance and security. By leveraging modern Linux networking capabilities—including Generic Segmentation Offload (GSO), Generic Receive Offload (GRO), and vectored I/O (recvmmsg)—RustGuard aims to bridge the gap between userspace flexibility and kernel-level throughput. Built entirely in Rust, it ensures memory safety without compromising on speed.

Features

  • Full Protocol Compliance: Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s
  • High-Performance I/O: Batch I/O (recvmmsg/sendmmsg), Userspace GRO/GSO
  • System Integration: Sticky Sockets (IP_PKTINFO), FwMark, ECN/DSCP inheritance
  • Security: Anti-replay protection (TAI64N timestamp), DoS mitigation (Cookie), rate limiting
  • Management Interface: UAPI (Unix Domain Socket), compatible with wg tooling
  • Production Ready: Comprehensive error handling, logging, and test coverage

Project Structure

rust-guard/
├── rustguard-core/         # Core daemon + library
│   ├── src/                # Core implementation
│   ├── tests/              # Core tests
│   └── benches/            # Benchmarks
├── rustguard-cli/          # CLI tooling (init/doctor/monitor/reload)
│   ├── src/                # CLI commands and TUI
│   └── tests/              # CLI tests
├── SPECIFICATION.md        # Technical specification
└── docs/                   # Documentation directory

Building

Debug Build

cargo build

Release Build

cargo build --release

Testing

Run all tests:

cargo test

Run specific test suite:

cargo test --test integration_test

Running

The daemon requires root privileges for TUN device access:

sudo ./target/release/rustguardd --config wg0.conf

Documentation

User Documentation

  • User Guide - Installation, configuration, and usage (includes troubleshooting)
  • Deployment Guide - Production deployment and best practices

Developer Documentation

Technical Documentation

Generate API Documentation

# Generate and open API docs
cargo doc --open

# Generate docs for all dependencies
cargo doc --all-features --open

Dependencies

Key dependencies:

  • tokio - Async runtime
  • socket2 - System-level socket API
  • tun - TUN/TAP device interface
  • x25519-dalek - X25519 key exchange
  • chacha20poly1305 - AEAD encryption
  • blake2 - Hash function
  • dashmap - Concurrent HashMap
  • parking_lot - High-performance locks

See Cargo.toml for the complete dependency list.

License

[To be determined]

Contributing

[To be determined]

About

A high-performance, userspace WireGuard implementation in Rust. Features GSO/GRO offloading, batch I/O, and a thread-per-core architecture for maximum throughput.

Resources

Readme
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages