feat(relay): rate limit client multicast floods
The relay now applies a small token bucket to broadcast and multicast frames originating from remote clients. Those frames are necessary for ARP, DHCP, and LAN discovery, but they are also the easiest way for one remote peer to flood every participant and the LAN gateway. When a client exceeds the burst budget, the relay returns a rate-limited forwarding decision instead of forwarding the frame. This is intentionally only the first rate-limit slice from PLAN.md. Unknown unicast limits and total bandwidth limits remain separate follow-up work. The limiter lives in room state because forwarding policy already knows the ingress role, destination MAC, and room membership, and tests can drive it with explicit Instants without involving QUIC timing. Test Plan: - cargo fmt --check - cargo test -p lanparty-relay - cargo clippy -p lanparty-relay --all-targets -- -D warnings - cargo test --workspace - cargo clippy --workspace --all-targets -- -D warnings - git diff --check Refs: PLAN.md
This commit is contained in:
@@ -80,6 +80,7 @@ Public relay binary and relay-owned room state:
|
||||
- stable effective room MTU chosen before Ethernet datagrams flow
|
||||
- live Ethernet datagram forwarding with no ingress reflection
|
||||
- L2 safety filters for jumbo, switch-control, DHCP-server, and IPv6-RA frames
|
||||
- client broadcast/multicast burst limiting
|
||||
- malformed peer datagram disconnect threshold
|
||||
- peer leave cleanup for room membership and MAC indexes
|
||||
|
||||
|
||||
Reference in New Issue
Block a user