fix(relay): honor advertised egress budgets

Peers announce a QUIC datagram budget in their hello, and the relay clamps that value against the transport's negotiated max before room admission. The relay used that clamped value for MTU selection, but stored the raw transport budget in the live peer session. A peer that intentionally advertised a smaller budget could therefore receive egress datagrams larger than it promised to accept.

Store the post-clamp hello budget in AcceptedPeer and PeerSession instead. That keeps the existing relay egress skip path tied to the same negotiated size used for room MTU decisions.

The handshake regression now advertises a budget below the QUIC transport budget and asserts that the accepted peer records the advertised value. The README decomposition also calls out the per-peer egress-budget invariant.

Test Plan:
- cargo fmt --check
- cargo test -p lanparty-relay
- cargo test --workspace
- cargo clippy --workspace --all-targets -- -D warnings
- git diff --check
- git diff --cached --check

Refs: PLAN.md No fragmentation for MVP
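The invariant the commit message describes, as an added example that is not code from this commit or from the relay: the budget stored for egress checks must be the post-clamp hello value, not the raw transport budget. Every name (`Session`, `admit_raw`, `admit_clamped`, `should_send`) and every byte count is a hypothetical stand-in.

```rust
// Added illustration; names and numbers are constructed, not the relay's own.

/// Budget agreed at admission: the hello value clamped to the transport maximum.
fn clamp_budget(advertised: u16, transport_max: u16) -> u16 {
    advertised.min(transport_max)
}

/// Stand-in for the per-peer state kept after the handshake.
struct Session {
    egress_budget: u16,
}

/// Pre-fix behaviour: remembers the raw transport budget and ignores the hello.
fn admit_raw(_advertised: u16, transport_max: u16) -> Session {
    Session { egress_budget: transport_max }
}

/// Post-fix behaviour: remembers the same clamped value used for MTU selection.
fn admit_clamped(advertised: u16, transport_max: u16) -> Session {
    Session { egress_budget: clamp_budget(advertised, transport_max) }
}

/// Egress skip check: a datagram larger than the peer's budget is not sent to it.
fn should_send(session: &Session, datagram_len: usize) -> bool {
    datagram_len <= usize::from(session.egress_budget)
}

fn main() {
    // Constructed values: peer promises 1200 bytes, transport allows 1452.
    let (advertised, transport_max, datagram_len) = (1200u16, 1452u16, 1400usize);

    let before = admit_raw(advertised, transport_max);
    let after = admit_clamped(advertised, transport_max);

    // With the raw budget stored, the 1400-byte datagram passes the check even
    // though the peer advertised 1200. With the clamped budget it is skipped.
    println!("raw budget stored:     send = {}", should_send(&before, datagram_len));
    println!("clamped budget stored: send = {}", should_send(&after, datagram_len));

    // A hello above the transport maximum is still bounded by the transport.
    println!("oversized hello clamps to {}", clamp_budget(9000, transport_max));
}
```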
@@ -98,6 +98,7 @@ Public relay binary and relay-owned room state:
|
||||
- one gateway per room, duplicate client MAC rejection, and room limits
|
||||
- stable effective room MTU chosen before Ethernet datagrams flow
|
||||
- live Ethernet datagram forwarding with no ingress reflection
|
||||
- per-peer egress budget checks against the negotiated datagram size
|
||||
- reliable `PeerJoined`/`PeerLeft` notifications to existing room peers
|
||||
- L2 safety filters for invalid-source, jumbo, switch-control, DHCP-server,
|
||||
and IPv6-RA frames
|
||||
|
||||
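Review bot: The README bullet "per-peer egress budget checks against the negotiated datagram size" leaves "negotiated" undefined, and confusing the transport budget with the peer's hello budget is exactly the mistake the commit message describes. Suggest wording it as the peer's advertised hello budget clamped to the transport maximum, and stating that a datagram over that budget is skipped for that peer, so the invariant can be checked against the code and the regression test. The rendered hunk has lost its +/- markers, so this assumes the egress-budget bullet is the single added line implied by the `-98,6 +98,7` header.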