fix(gateway): drop unsafe LAN frames before relay send

The relay already filters invalid source MACs, jumbo frames, and L2 control plane traffic. The gateway bridge was still encoding those LAN frames and sending them to the relay first, so gateway logs could say forwarded even when the relay would later drop the frame. Classify that same local LAN-send subset before QUIC DATAGRAM encoding. The gateway now records and reports these frames as local drops, keeps the relay as the trust boundary, and avoids spending relay bandwidth on frames that can never reach remote clients. Document that gateway-side local drops cover invalid source MACs, L2 control plane traffic, jumbo frames, and datagram-budget failures. Test Plan: - cargo test -p lanparty-gateway - cargo fmt --check - cargo test --workspace - cargo clippy --workspace --all-targets -- -D warnings - git diff --check Refs: PLAN.md LAN-to-remote control-plane filtering
2026-05-22 05:04:09 +02:00
parent 3c1a35ea00
commit 985e4d9eed
2 changed files with 99 additions and 7 deletions
@@ -178,9 +178,10 @@ gateway that cannot bridge. Once both sides are ready, it bridges Ethernet
 frames between the relay and wired LAN until shutdown. It captures whole LAN
 frames up to the
 overlay payload-length ceiling before deciding whether they fit the tunnel. It
-never fragments Ethernet frames; LAN frames whose encoded datagrams exceed the
-negotiated QUIC budget are counted, dropped, and logged instead of stopping the
-bridge.
+never fragments Ethernet frames; LAN frames with invalid source MACs, L2
+control-plane traffic, jumbo frames, or encoded datagrams exceeding the
+negotiated QUIC budget are counted, dropped, and logged locally instead of
+stopping the bridge or consuming relay bandwidth.
 `--relay` accepts a DNS name or socket address; bare hosts default to UDP/443.
 The gateway rejects Linux interfaces that sysfs identifies as Wi-Fi, and rejects
 wired interfaces whose sysfs carrier state reports no link; managed wireless