feat(relay): forward live Ethernet datagrams

The relay now keeps active peer sessions alongside room admission state. After a successful hello/welcome handshake, the connection enters a datagram loop and stays registered until the QUIC connection closes.

Incoming datagrams are only considered for forwarding when their overlay room id, peer id, and Ethernet frame type match the peer assigned by the relay. The relay then reuses the existing room forwarding decision logic, clones the matching live target sessions, and sends a relay-stamped Ethernet datagram to each connected target that can carry the frame.

This keeps spoofable wire metadata out of the trust boundary: clients can put whatever they want in an overlay header, but the relay forwards using the room and peer identity established during the control handshake.

Test Plan:
- cargo fmt --check
- cargo test --workspace
- cargo clippy --workspace --all-targets -- -D warnings

Refs: PLAN.md QUIC DATAGRAM Ethernet forwarding path
@@ -46,7 +46,7 @@ Public relay binary and relay-owned room state:
|
||||
- room admission for clients and gateways
|
||||
- one gateway per room, duplicate client MAC rejection, and room limits
|
||||
- stable effective room MTU chosen before Ethernet datagrams flow
|
||||
- Ethernet datagram forwarding decisions with no ingress reflection
|
||||
- live Ethernet datagram forwarding with no ingress reflection
|
||||
- peer leave cleanup for room membership and MAC indexes
|
||||
|
||||
## Build
|
||||
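Review bot: The replacement bullet "live Ethernet datagram forwarding with no ingress reflection" leaves out the identity check that the commit message gives as the security reason for this design. The relay forwards on the room and peer identity assigned during the hello/welcome handshake, not on the client-supplied overlay header, and the feature list is where an operator would look for that guarantee. Suggest a separate bullet along the lines of "forwarding keyed on handshake-assigned room and peer identity; mismatched overlay headers are not forwarded". It would also help to say whether a datagram whose room id, peer id, or frame type does not match is dropped silently, counted, or logged, since neither the list nor the commit message states it.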
@@ -63,7 +63,7 @@ cargo run -p lanparty-relay -- --listen 443/udp
|
||||
|
||||
`--listen` accepts either a socket address or a UDP port shorthand such as
|
||||
`443/udp`. The relay binds a QUIC endpoint, accepts a control-stream `hello`,
|
||||
and replies with `welcome` or `reject`. Ethernet datagram forwarding is still
|
||||
implemented as relay-owned decisions but not yet wired to live QUIC datagrams.
|
||||
It currently uses a generated self-signed development certificate; production
|
||||
certificate and client trust handling remain future work.
|
||||
replies with `welcome` or `reject`, and forwards live Ethernet QUIC datagrams
|
||||
between accepted peers in the same room. It currently uses a generated
|
||||
self-signed development certificate; production certificate and client trust
|
||||
handling remain future work.
|
||||
|
||||
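Review bot: In the rewritten paragraph after the `--listen` description, the relay is now documented as forwarding live Ethernet QUIC datagrams, yet "production certificate and client trust handling remain future work" is still only a trailing clause. With real frames crossing the relay and the example invocation above binding `443/udp`, that limitation deserves its own sentence stating that the binary is for development use until certificate and client trust handling land. The paragraph also says datagrams are forwarded "between accepted peers in the same room" without the qualifier from the commit message that only targets that can carry the frame receive it; a short mention tied to the effective room MTU would keep the README consistent with the behaviour described there.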