fix(gateway): reject wireless LAN interfaces
The plan explicitly keeps the physical LAN gateway wired-only for the MVP. Managed Wi-Fi adapters are not reliable for arbitrary source-MAC injection, but the gateway previously accepted any interface that could be opened as an Ethernet-like packet socket. Reject Linux interfaces that sysfs marks as wireless before opening the raw packet socket. The check looks for the common `wireless` and `phy80211` markers under `/sys/class/net/<iface>`, and keeps path separators out of interface names so the sysfs lookup stays scoped to a single netdev name. Document the wired-only enforcement in the gateway README section. Test Plan: - cargo fmt --check - git diff --check - cargo test -p lanparty-gateway - cargo test --workspace - cargo clippy --workspace --all-targets -- -D warnings Refs: PLAN.md
This commit is contained in:
@@ -174,6 +174,8 @@ tunnel. It never fragments Ethernet frames; LAN frames whose encoded datagrams
|
||||
exceed the negotiated QUIC budget are counted, dropped, and logged instead of
|
||||
stopping the bridge.
|
||||
`--relay` accepts a DNS name or socket address; bare hosts default to UDP/443.
|
||||
The gateway rejects Linux interfaces that sysfs identifies as Wi-Fi; managed
|
||||
wireless NICs are not supported for the physical LAN bridge.
|
||||
It tracks remote-client source MACs seen from relay traffic and periodically
|
||||
emits small CAM refresh frames so the physical switch keeps those MACs
|
||||
associated with the gateway port. Gateway
|
||||
|
||||
Reference in New Issue
Block a user