feat(relay): filter invalid source MACs
PLAN.md requires rejecting broadcast, multicast, and otherwise invalid source MACs. Client ingress already had a forged-source check against the registered client identity, but gateway ingress could still forward Ethernet frames whose source MAC was not valid unicast. Add an explicit `InvalidSourceMac` drop reason and filter invalid Ethernet source MACs before client source authorization and last-seen refresh. This keeps invalid source addresses out of both remote-client and gateway forwarding paths while preserving `UnauthorizedSourceMac` for valid unicast sources that simply belong to another client identity. Document the invalid-source filter in the relay README decomposition. Test Plan: - cargo fmt --check - cargo test -p lanparty-obs -p lanparty-relay - cargo test --workspace - cargo clippy --workspace --all-targets -- -D warnings - git diff --check Refs: PLAN.md
This commit is contained in:
@@ -99,7 +99,8 @@ Public relay binary and relay-owned room state:
|
||||
- stable effective room MTU chosen before Ethernet datagrams flow
|
||||
- live Ethernet datagram forwarding with no ingress reflection
|
||||
- reliable `PeerJoined`/`PeerLeft` notifications to existing room peers
|
||||
- L2 safety filters for jumbo, switch-control, DHCP-server, and IPv6-RA frames
|
||||
- L2 safety filters for invalid-source, jumbo, switch-control, DHCP-server,
|
||||
and IPv6-RA frames
|
||||
- client broadcast/multicast, unknown-unicast, and total bandwidth limiting
|
||||
- malformed peer datagram disconnect threshold
|
||||
- peer stats control events retained for relay diagnostics
|
||||
|
||||
Reference in New Issue
Block a user