ddidderr/softlan-vpn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test(route): cover relay host-route pin matching

Browse Source 
The Windows client protects the relay connection by pinning a host route before
activating TAP, then checking that the best route still matches that pinned
host route after TAP route policy changes. That predicate is part of the route
boundary, not the Windows binary's frame-pump logic.

Move the exact match check onto RouteSnapshot and cover the important mismatch
cases: default-route fallback, wrong next hop, wrong interface index/LUID, and
IPv6 on-link host routes. The Windows client keeps the same behavior but calls
the route-crate helper.

Test Plan:
- cargo fmt --check
- cargo test -p lanparty-client-route matches_pinned_host_route_identity
- cargo test -p lanparty-client-route matches_ipv6_on_link_pinned_host_route
- cargo test -p lanparty-client-route
- cargo test -p lanparty-client-win
- cargo test --workspace
- cargo clippy -p lanparty-client-route --all-targets -- -D warnings
- cargo clippy -p lanparty-client-win --all-targets -- -D warnings
- cargo clippy --workspace --all-targets -- -D warnings
- cargo check -p lanparty-client-route --target x86_64-pc-windows-msvc
- git diff --check
- git diff --cached --check

Refs: MVP relay-route protection
This commit is contained in:
ddidderr
2026-05-22 07:51:44 +02:00
parent 6bf23fff19
commit 81878133d2
3 changed files with 100 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
crates/lanparty-client-route/src/lib.rs
+93
View File
@@ -255,6 +255,21 @@ impl RouteSnapshot {
pub fn is_host_route_to(&self, destination: IpAddr) -> bool {
self.route_prefix == destination && self.route_prefix_len == host_prefix_len(destination)
}
#[must_use]
pub fn matches_pinned_host_route(
&self,
destination: IpAddr,
next_hop: Option<IpAddr>,
interface_index: u32,
interface_luid: u64,
) -> bool {
self.destination == destination
&& self.is_host_route_to(destination)
&& self.next_hop == next_hop
&& self.interface_index == interface_index
&& self.interface_luid == interface_luid
}
}
const fn host_prefix_len(destination: IpAddr) -> u8 {
@@ -425,6 +440,84 @@ mod tests {
assert!(snapshot.is_host_route_to(ip("2001:db8::10")));
}
#[test]
fn matches_pinned_host_route_identity() {
let snapshot = RouteSnapshot::new(
ip("203.0.113.10"),
ip("192.0.2.44"),
Some(ip("192.0.2.1")),
ip("203.0.113.10"),
32,
12,
34,
0,
);
assert!(snapshot.matches_pinned_host_route(
ip("203.0.113.10"),
Some(ip("192.0.2.1")),
12,
34,
));
assert!(!snapshot.matches_pinned_host_route(
ip("203.0.113.10"),
Some(ip("192.0.2.2")),
12,
34,
));
assert!(!snapshot.matches_pinned_host_route(
ip("203.0.113.10"),
Some(ip("192.0.2.1")),
13,
34,
));
assert!(!snapshot.matches_pinned_host_route(
ip("203.0.113.10"),
Some(ip("192.0.2.1")),
12,
35,
));
let default_route = RouteSnapshot::new(
ip("203.0.113.10"),
ip("192.0.2.44"),
Some(ip("192.0.2.1")),
ip("0.0.0.0"),
0,
12,
34,
25,
);
assert!(!default_route.matches_pinned_host_route(
ip("203.0.113.10"),
Some(ip("192.0.2.1")),
12,
34,
));
}
#[test]
fn matches_ipv6_on_link_pinned_host_route() {
let snapshot = RouteSnapshot::new(
ip("2001:db8::10"),
ip("2001:db8::44"),
None,
ip("2001:db8::10"),
128,
12,
34,
0,
);
assert!(snapshot.matches_pinned_host_route(ip("2001:db8::10"), None, 12, 34));
assert!(!snapshot.matches_pinned_host_route(
ip("2001:db8::10"),
Some(ip("2001:db8::1")),
12,
34,
));
}
#[test]
fn exposes_network_interface_identity_fields() {
let identity = NetworkInterfaceIdentity::new(12, 34);