feat(relay): classify safety rejects as filtered
PLAN.md describes relay frame logs with separate forwarded, dropped, filtered, and rate-limited actions. The relay had the shared `Filtered` action in its log vocabulary, but safety-policy rejects were still reported as generic drops. Classify forged client source MACs and L2 safety-filter matches as filtered forwarding decisions. Malformed frames and unknown destinations remain drops, while rate limits continue to use the rate-limited action. Document the distinction in the relay README section. Test Plan: - cargo fmt --check - cargo test -p lanparty-relay - cargo test --workspace - cargo clippy --workspace --all-targets -- -D warnings - git diff --check Refs: PLAN.md
This commit is contained in:
@@ -127,6 +127,8 @@ self-signed development certificate; `--dev-cert-der-out` writes that
|
||||
certificate so the gateway and client can pin it in development. Production
|
||||
certificate handling remains future work. Ethernet forwarding decisions are
|
||||
logged with room, peer, MAC, ethertype, action, drop reason, and target count.
|
||||
Safety-policy rejects use the `filtered` action so they are distinguishable
|
||||
from malformed/unknown-destination drops and rate limits.
|
||||
Unknown unicast from a client is forwarded only to the gateway port; unknown
|
||||
unicast from the gateway is dropped instead of flooded to every remote client.
|
||||
When a peer joins or leaves, the relay sends a reliable lifecycle control event
|
||||
|
||||
Reference in New Issue
Block a user