WIP

Author: Itsusinn

crates/tuic-server/src/acl.rs

@@ -729,9 +729,7 @@ fn clone_rule_type(rt: &wrule::RuleType) -> wrule::RuleType {
 	// Round-trip through Display → parse.  This works for all types that are
 	// produced by the conversion above (no Regex types are generated).
 	let s = format!("{rt},__CLONE");
-	wrule::Rule::parse(&s)
-		.map(|r| r.rule_type)
-		.unwrap_or(wrule::RuleType::Match)
+	wrule::Rule::parse(&s).map(|r| r.rule_type).unwrap_or(wrule::RuleType::Match)
 }
 
 #[cfg(test)]

crates/tuic-server/src/config.rs

@@ -469,7 +469,6 @@ impl Config {
 				self.quic.pmtu = pmtu;
 			}
 		}
-
 	}
 
 	pub fn full_example() -> Self {
@@ -1715,12 +1714,21 @@ mod tests {
 
 		// Serialize to TOML string and verify rules appear as strings
 		let serialized = toml::to_string_pretty(&result).unwrap();
-		assert!(serialized.contains("DOMAIN,ad.example.com,REJECT"), "serialized:\n{serialized}");
+		assert!(
+			serialized.contains("DOMAIN,ad.example.com,REJECT"),
+			"serialized:\n{serialized}"
+		);
 		assert!(serialized.contains("MATCH,proxy"), "serialized:\n{serialized}");
-		assert!(serialized.contains("IP-CIDR,10.0.0.0/8,direct,no-resolve"), "serialized:\n{serialized}");
+		assert!(
+			serialized.contains("IP-CIDR,10.0.0.0/8,direct,no-resolve"),
+			"serialized:\n{serialized}"
+		);
 
 		// Verify the serialized form is a string array
-		assert!(serialized.contains(r#""DOMAIN,ad.example.com,REJECT""#), "rules should be serialized as quoted strings");
+		assert!(
+			serialized.contains(r#""DOMAIN,ad.example.com,REJECT""#),
+			"rules should be serialized as quoted strings"
+		);
 	}
 
 	#[tokio::test]
@@ -1740,12 +1748,7 @@ rules = ["INVALID_TYPE,value,target"]
 
 		fs::write(&config_path, bad_config).unwrap();
 
-		let cli = Cli::try_parse_from(vec![
-			"test_binary",
-			"--config",
-			&config_path.to_string_lossy(),
-		])
-		.unwrap();
+		let cli = Cli::try_parse_from(vec!["test_binary", "--config", &config_path.to_string_lossy()]).unwrap();
 
 		let result = parse_config(cli, EnvState::default()).await;
 		assert!(result.is_err());

crates/tuic-server/src/wind_adapter.rs

@@ -52,9 +52,9 @@ use crate::{AppContext as TuicAppContext, acl::acl_to_rules, config::OutboundRul
 ///
 /// Evaluation order:
 /// 1. **Experimental guards** – reject loopback / private addresses.
-/// 2. **Unified Metacubex-style rules** – legacy ACL rules are converted
-///    to Metacubex format and prepended to explicit `rules`, then
-///    delegated to [`AclRouter`] from wind-core.
+/// 2. **Unified Metacubex-style rules** – legacy ACL rules are converted to
+///    Metacubex format and prepended to explicit `rules`, then delegated to
+///    [`AclRouter`] from wind-core.
 /// 3. If nothing matched, forward to `"default"` outbound.
 pub struct TuicRouter {
 	ctx: Arc<TuicAppContext>,
@@ -391,8 +391,8 @@ pub async fn create_inbound(ctx: Arc<TuicAppContext>) -> eyre::Result<(TuicInbou
 		// through the standalone Server path which uses a resolver.
 		// Here we attempt to load existing cert files, or fall back to self-signed.
 		tracing::warn!(
-			"auto_ssl with wind-tuic adapter is not fully supported; \
-			 attempting to load existing certs or falling back to self-signed for: {}",
+			"auto_ssl with wind-tuic adapter is not fully supported; attempting to load existing certs or falling back to \
+			 self-signed for: {}",
 			cfg.tls.hostname
 		);
 		let cert_path = &cfg.tls.certificate;
@@ -472,7 +472,6 @@ fn load_cert_from_files(
 	let cert_data = std::fs::read(cert_path)?;
 	let key_data = std::fs::read(key_path)?;
 	let certs = rustls_pemfile::certs(&mut cert_data.as_slice()).collect::<Result<Vec<_>, _>>()?;
-	let key = rustls_pemfile::private_key(&mut key_data.as_slice())?
-		.ok_or_else(|| eyre::eyre!("No private key found"))?;
+	let key = rustls_pemfile::private_key(&mut key_data.as_slice())?.ok_or_else(|| eyre::eyre!("No private key found"))?;
 	Ok((certs, key))
 }

crates/tuic-tests/tests/integration_tests.rs

@@ -175,9 +175,9 @@ fn test_fragmented_udp_packets() {
 fn test_edge_case_values() {
 	// Test edge case values for Packet command
 	let test_cases: Vec<(u16, u16, u8, u8, u16)> = vec![
-		(0, 0, 1, 0, 0),                                       // Minimum values
+		(0, 0, 1, 0, 0),                                      // Minimum values
 		(u16::MAX, u16::MAX, u8::MAX, u8::MAX - 1, u16::MAX), // Maximum values
-		(32768, 16384, 128, 64, 8192),                         // Mid-range values
+		(32768, 16384, 128, 64, 8192),                        // Mid-range values
 	];
 
 	for (assoc_id, pkt_id, frag_total, frag_id, size) in test_cases {

crates/wind-acme/src/lib.rs

@@ -40,7 +40,8 @@ pub fn is_valid_domain(hostname: &str) -> bool {
 /// started **only** when the ACME state machine actually needs to answer a
 /// challenge, and is shut down once the new certificate has been deployed.
 ///
-/// Returns a certificate resolver that can be used with a `rustls::ServerConfig`.
+/// Returns a certificate resolver that can be used with a
+/// `rustls::ServerConfig`.
 pub async fn start_acme(
 	cancel: CancellationToken,
 	hostname: &str,

crates/wind-core/src/dispatcher.rs

@@ -222,7 +222,8 @@ impl<R: Router> InboundCallback for Dispatcher<R> {
 ///
 /// Rule targets are mapped to [`RouteAction`] as follows:
 ///
-/// * `"reject"` / `"block"` / `"deny"` (case-insensitive) → [`RouteAction::Reject`]
+/// * `"reject"` / `"block"` / `"deny"` (case-insensitive) →
+///   [`RouteAction::Reject`]
 /// * anything else → [`RouteAction::Forward`] with the target name
 ///
 /// # Example

crates/wind-core/src/inbound.rs

@@ -1,6 +1,7 @@
-use crate::{tcp::AbstractTcpStream, types::TargetAddr, udp::UdpStream};
 use std::future::Future;
 
+use crate::{tcp::AbstractTcpStream, types::TargetAddr, udp::UdpStream};
+
 pub trait FutResult<T> = Future<Output = eyre::Result<T>> + Send;
 
 pub trait AbstractInbound {

crates/wind-core/src/interface.rs

@@ -41,7 +41,7 @@ pub enum Network {
 	ICMPv6,
 }
 
-#[derive(Debug, Clone, Copy)]
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
 pub enum StackPrefer {
 	V4,
 	V6,
@@ -54,3 +54,113 @@ impl StackPrefer {
 		!matches!(self, StackPrefer::V4)
 	}
 }
+
+impl Serialize for StackPrefer {
+	fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
+	where
+		S: serde::Serializer,
+	{
+		let s = match self {
+			StackPrefer::V4 => "v4",
+			StackPrefer::V6 => "v6",
+			StackPrefer::V4V6 => "v4v6",
+			StackPrefer::V6V4 => "v6v4",
+		};
+		serializer.serialize_str(s)
+	}
+}
+
+impl<'de> Deserialize<'de> for StackPrefer {
+	fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
+	where
+		D: serde::Deserializer<'de>,
+	{
+		let s = String::deserialize(deserializer)?;
+		match s.to_ascii_lowercase().as_str() {
+			"v4" | "v4only" | "only_v4" => Ok(StackPrefer::V4),
+			"v6" | "v6only" | "only_v6" => Ok(StackPrefer::V6),
+			"v4v6" | "v4_v6" | "v4first" | "prefer_v4" => Ok(StackPrefer::V4V6),
+			"v6v4" | "v6_v4" | "v6first" | "prefer_v6" => Ok(StackPrefer::V6V4),
+			_ => Err(serde::de::Error::custom(format!("invalid stack preference: '{s}'"))),
+		}
+	}
+}
+
+#[cfg(test)]
+mod tests {
+	use super::*;
+
+	#[test]
+	fn test_stack_prefer_serialize() {
+		assert_eq!(serde_json::to_string(&StackPrefer::V4).unwrap(), r#""v4""#);
+		assert_eq!(serde_json::to_string(&StackPrefer::V6).unwrap(), r#""v6""#);
+		assert_eq!(serde_json::to_string(&StackPrefer::V4V6).unwrap(), r#""v4v6""#);
+		assert_eq!(serde_json::to_string(&StackPrefer::V6V4).unwrap(), r#""v6v4""#);
+	}
+
+	#[test]
+	fn test_stack_prefer_deserialize_canonical() {
+		assert_eq!(serde_json::from_str::<StackPrefer>(r#""v4""#).unwrap(), StackPrefer::V4);
+		assert_eq!(serde_json::from_str::<StackPrefer>(r#""v6""#).unwrap(), StackPrefer::V6);
+		assert_eq!(serde_json::from_str::<StackPrefer>(r#""v4v6""#).unwrap(), StackPrefer::V4V6);
+		assert_eq!(serde_json::from_str::<StackPrefer>(r#""v6v4""#).unwrap(), StackPrefer::V6V4);
+	}
+
+	#[test]
+	fn test_stack_prefer_deserialize_aliases() {
+		// V4 aliases
+		assert_eq!(serde_json::from_str::<StackPrefer>(r#""v4only""#).unwrap(), StackPrefer::V4);
+		assert_eq!(serde_json::from_str::<StackPrefer>(r#""only_v4""#).unwrap(), StackPrefer::V4);
+
+		// V6 aliases
+		assert_eq!(serde_json::from_str::<StackPrefer>(r#""v6only""#).unwrap(), StackPrefer::V6);
+		assert_eq!(serde_json::from_str::<StackPrefer>(r#""only_v6""#).unwrap(), StackPrefer::V6);
+
+		// V4V6 aliases
+		assert_eq!(serde_json::from_str::<StackPrefer>(r#""v4_v6""#).unwrap(), StackPrefer::V4V6);
+		assert_eq!(
+			serde_json::from_str::<StackPrefer>(r#""v4first""#).unwrap(),
+			StackPrefer::V4V6
+		);
+		assert_eq!(
+			serde_json::from_str::<StackPrefer>(r#""prefer_v4""#).unwrap(),
+			StackPrefer::V4V6
+		);
+
+		// V6V4 aliases
+		assert_eq!(serde_json::from_str::<StackPrefer>(r#""v6_v4""#).unwrap(), StackPrefer::V6V4);
+		assert_eq!(
+			serde_json::from_str::<StackPrefer>(r#""v6first""#).unwrap(),
+			StackPrefer::V6V4
+		);
+		assert_eq!(
+			serde_json::from_str::<StackPrefer>(r#""prefer_v6""#).unwrap(),
+			StackPrefer::V6V4
+		);
+	}
+
+	#[test]
+	fn test_stack_prefer_deserialize_case_insensitive() {
+		assert_eq!(serde_json::from_str::<StackPrefer>(r#""V4""#).unwrap(), StackPrefer::V4);
+		assert_eq!(serde_json::from_str::<StackPrefer>(r#""V4V6""#).unwrap(), StackPrefer::V4V6);
+		assert_eq!(
+			serde_json::from_str::<StackPrefer>(r#""V6First""#).unwrap(),
+			StackPrefer::V6V4
+		);
+	}
+
+	#[test]
+	fn test_stack_prefer_deserialize_invalid() {
+		assert!(serde_json::from_str::<StackPrefer>(r#""invalid""#).is_err());
+		assert!(serde_json::from_str::<StackPrefer>(r#""v5""#).is_err());
+	}
+
+	#[test]
+	fn test_stack_prefer_roundtrip() {
+		for variant in [StackPrefer::V4, StackPrefer::V6, StackPrefer::V4V6, StackPrefer::V6V4] {
+			let serialized = serde_json::to_string(&variant).unwrap();
+			let deserialized: StackPrefer = serde_json::from_str(&serialized).unwrap();
+			assert_eq!(variant, deserialized);
+		}
+	}
+}