Arus-Proxy: High-Performance Async Reverse Proxy in Rust

Arus-Proxy is a technical deep-dive into the Rust ecosystem, specifically designed to tackle the "Three Walls of Rust": Ownership & Lifetimes, Asynchronous Concurrency (Send+Sync), and Unsafe FFI (Foreign Function Interface).

This project isn't just a proxy; it’s a demonstration of building memory-safe, high-concurrency systems that interface directly with low-level C libraries without sacrificing performance.

---

🚀 Key Features

• Zero-Copy Config Engine: Optimized memory management using Cow<'a, str> and custom lifetimes to minimize heap allocations during request routing.
• Asynchronous Core: Powered by Tokio, handling thousands of concurrent TCP streams using non-blocking I/O and efficient task scheduling.
• Dynamic C-Plugin System: A modular architecture that loads external C libraries (.so/.dll) at runtime to perform packet transformation using Unsafe Rust.
• Thread-Safe State Management: Real-time traffic analytics using Arc<RwLock<T>> and atomic operations to ensure data integrity across threads.
• Hot-Reloadable: Update proxy logic and backend targets without restarting the service.

---

🏗️ The Three Walls Architecture

This project was architected to solve the three most difficult challenges in Rust development:

🧱 Wall 1: Memory Sovereignty (Ownership & Lifetimes)

Implemented a configuration manager that avoids unnecessary .clone() calls. By utilizing Lifetimes and Smart Pointers, the proxy maintains a single source of truth for routing rules, ensuring the Borrow Checker validates every memory access at compile-time.

🧱 Wall 2: High-Concurrency (Async & Send+Sync)

The proxy engine utilizes an Async-first approach. To move data across threads safely, I implemented strict Trait Bounds (Send + Sync). Challenges involving shared state (like connection counters) were solved using fine-grained locking mechanisms to prevent race conditions while maintaining high throughput.

🧱 Wall 3: The Escape Hatch (Unsafe & FFI)

To achieve maximum performance for packet filtering, Arus-Proxy interfaces with C-language plugins. This required:

• Careful management of Raw Pointers.
• Ensuring memory alignment and layout compatibility between Rust and C.
• Encapsulating Unsafe blocks within safe abstractions to maintain Rust's overall safety guarantees.

---

🛠️ Technical Stack

• Language: Rust (Stable)
• Runtime: Tokio (Full-featured)
• Dynamic Loading: libloading
• Optimization: Zero-copy parsing, SmallVec, and Cow
• Error Handling: anyhow & thiserror

---

📂 Project Structure

arus-proxy/
├── src/
│   ├── config/   # Ownership & Lifetime demonstrations
│   ├── proxy/    # Async, Send+Sync, and TCP Stream handling
│   ├── plugin/   # Unsafe FFI and C-interop logic
│   └── main.rs   # Application entry point
├── c_plugins/    # External C libraries for packet filtering
└── Cargo.toml    # Optimized dependency management

🛠️ Getting Started

1. Clone the repository:

   git clone [https://github.com/OprekerSejati/arus-proxy.git](https://github.com/OprekerSejatiarus-proxy.git)

2. Build the C-Plugin:

   gcc -shared -o c_plugins/filter.so -fPIC c_plugins/filter.c

3. Run the Proxy:

   cargo run --release

✅ Quick Commands (Makefile)

Use these shortcuts from project root:

make build         # cargo build
make check         # cargo check
make build-plugin  # build C dynamic library
make run           # run proxy with proxy.conf
make test-e2e      # run full end-to-end transform test

👨‍💻 Author Rifqi Ramadhan Systems Engineer & AI Enthusiast LinkedIn | GitHub

This project is licensed under the MIT License.