feat(relay): cap total client frame bandwidth
Client-originated Ethernet frames now pass through a per-peer byte token bucket after source and safety validation and before destination-specific forwarding. The fixed MVP default allows a 4 MiB burst with a 2 MiB/s refill, giving normal LAN-game traffic headroom while preventing one client from filling the relay path indefinitely. The existing frame burst buckets now share the same `TokenBucket` type with a unit cost of one frame. Keeping this state in `Room` preserves forwarding-policy ownership and lets tests drive explicit instants. This completes the relay-side abuse limit list from PLAN.md. Configurable rate limits remain future work. Test Plan: - cargo fmt --check - cargo test -p lanparty-relay - cargo clippy -p lanparty-relay --all-targets -- -D warnings - cargo test --workspace - cargo clippy --workspace --all-targets -- -D warnings - git diff --check Refs: PLAN.md
This commit is contained in:
@@ -80,7 +80,7 @@ Public relay binary and relay-owned room state:
|
||||
- stable effective room MTU chosen before Ethernet datagrams flow
|
||||
- live Ethernet datagram forwarding with no ingress reflection
|
||||
- L2 safety filters for jumbo, switch-control, DHCP-server, and IPv6-RA frames
|
||||
- client broadcast/multicast and unknown-unicast burst limiting
|
||||
- client broadcast/multicast, unknown-unicast, and total bandwidth limiting
|
||||
- malformed peer datagram disconnect threshold
|
||||
- peer leave cleanup for room membership and MAC indexes
|
||||
|
||||
|
||||
Reference in New Issue
Block a user