fix(relay): enforce ingress datagram budget
Peers advertise a datagram budget during hello, and the relay folds that into the room MTU/no-fragmentation model. Honest clients already avoid sending larger encoded frames, but the relay was still trusting ingress traffic to obey that contract before forwarding it.

Drop datagrams that exceed the accepted peer's negotiated max before decode or forwarding, and log them as datagram_budget. This keeps malformed datagram disconnect accounting reserved for invalid overlay/ethernet bytes instead of policy budget drops.

Test Plan:
- cargo test -p lanparty-relay ingress_budget
- cargo test -p lanparty-relay
- cargo fmt --check
- cargo test --workspace
- cargo clippy --workspace --all-targets -- -D warnings
- git diff --check
- git diff --cached --check

Refs: MVP relay datagram budget audit
@@ -143,6 +143,8 @@ Malformed peer datagrams log their per-peer count before the relay disconnects
|
||||
peers that cross the malformed-datagram threshold.
|
||||
Relay egress skips caused by a target peer's smaller datagram budget are logged
|
||||
with the ingress peer, target peer, encoded length, and target budget.
|
||||
Ingress datagrams larger than the sending peer's negotiated datagram budget are
|
||||
dropped before decode/forwarding and logged with `reason=datagram_budget`.
|
||||
Unknown unicast from a client is forwarded only to the gateway port; unknown
|
||||
unicast from the gateway is dropped instead of flooded to every remote client.
|
||||
When a peer joins or leaves, the relay sends a reliable lifecycle control event
|
||||
|
||||
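Review bot: The added sentence ending in `reason=datagram_budget` does not say which fields the ingress drop logs, whereas the egress-skip sentence just above it lists them (ingress peer, target peer, encoded length, target budget). Suggest naming the fields here as well, for example the sending peer, the encoded length and the negotiated budget if that is what the log line carries, so an operator can tell the two budget events apart from the docs alone. Since this paragraph opens with the malformed-datagram threshold, it would also help to state whether budget drops count toward that threshold or toward any disconnect, and whether the log is rate-limited for a peer that keeps sending oversized datagrams; the added lines leave both open.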