fix(relay): keep unknown unicast on gateway path
The relay models the physical LAN as the gateway port, not as another remote client. Client-originated unknown unicast now forwards only to the gateway, and gateway-originated unknown unicast is dropped unless it resolves to a registered remote client. Broadcast and multicast fanout is unchanged. This prevents promiscuous gateway capture of unrelated LAN unicast from being flooded to every remote client. It also keeps client-to-LAN traffic from needlessly leaking to other clients in the room. Test Plan: - cargo fmt --check - cargo test -p lanparty-relay - cargo test --workspace - cargo clippy --workspace --all-targets -- -D warnings - git diff --check Refs: PLAN.md
This commit is contained in:
@@ -105,6 +105,8 @@ self-signed development certificate; `--dev-cert-der-out` writes that
|
||||
certificate so the gateway and client can pin it in development. Production
|
||||
certificate handling remains future work. Ethernet forwarding decisions are
|
||||
logged with room, peer, MAC, ethertype, action, drop reason, and target count.
|
||||
Unknown unicast from a client is forwarded only to the gateway port; unknown
|
||||
unicast from the gateway is dropped instead of flooded to every remote client.
|
||||
|
||||
## Gateway
|
||||
|
||||
|
||||
Reference in New Issue
Block a user