feat(client): warn on TAP default routes

PLAN.md calls for a user-facing warning when TAP routing could steal the relay path. The client already disables TAP default routes under a scoped guard, but the startup output only reported the previous raw flag value. Format the route-protection message as a warning whenever default routes were enabled before the scoped override. Keep the already-disabled case quiet and explicit, and cover both messages with tests that run on non-Windows builds. Document the startup warning alongside the existing route-protection behavior. Test Plan: - cargo fmt --check - cargo test -p lanparty-client-win -p lanparty-client-route - cargo test --workspace - cargo clippy --workspace --all-targets -- -D warnings - git diff --check Refs: PLAN.md
2026-05-21 21:58:46 +02:00
parent 21a69626e0
commit e533131c74
2 changed files with 33 additions and 6 deletions
@@ -197,10 +197,11 @@ TAP media connected, and reports the driver MAC/MTU before forwarding frames,
 along with the TAP interface index/LUID. The client applies a scoped TAP
 interface metric and disables TAP default routes while it runs, periodically
 rechecks that the relay route remains pinned, then restores the previous route
-policy on exit. Startup still fails before bridging if the driver-reported MAC
-does not match the tunnel identity, because an already-initialized Windows TAP
-adapter may need to be disabled/enabled or reinstalled before it reloads the
-configured `NetworkAddress`.
+policy on exit. Startup prints a warning when TAP default routes were enabled
+before the scoped protection was applied. Startup still fails before bridging
+if the driver-reported MAC does not match the tunnel identity, because an
+already-initialized Windows TAP adapter may need to be disabled/enabled or
+reinstalled before it reloads the configured `NetworkAddress`.
 It prints and reports client diagnostics snapshots with relay reachability,
 LAN-gateway presence, route-pinning, QUIC datagram budget, TAP status/IP,
 broadcast frame flow, frame/datagram counters, and drops. The periodic
@@ -741,12 +741,22 @@ fn print_tap_metric_override(family: IpInterfaceFamily, metric: &ScopedInterface
 #[cfg(windows)]
 fn print_tap_default_routes_override(family: IpInterfaceFamily, routes: &ScopedDefaultRoutes) {
    let previous = routes.previous();
+    let family = format!("{family:?}");
    println!(
-        "TAP {family:?} default routes disabled; previous default-routes-disabled {}",
-        previous.disable_default_routes()
+        "{}",
+        tap_default_routes_override_message(&family, previous.disable_default_routes())
    );
 }

+#[cfg(any(windows, test))]
+fn tap_default_routes_override_message(family: &str, previous_disabled: bool) -> String {
+    if previous_disabled {
+        format!("TAP {family} default routes already disabled")
+    } else {
+        format!("Warning: TAP {family} default routes were enabled; disabled while tunnel runs")
+    }
+}
+
 #[cfg(windows)]
 async fn run_tap_frame_pump(relay_io: ClientRelayIo, tap: TapAdapter) -> Result<()> {
    let tap = Arc::new(tap);
@@ -895,6 +905,22 @@ mod tests {
        assert_eq!(refreshed.ip().unwrap().to_string(), "10.73.42.51");
    }

+    #[test]
+    fn formats_tap_default_route_warning() {
+        assert_eq!(
+            tap_default_routes_override_message("Ipv4", false),
+            "Warning: TAP Ipv4 default routes were enabled; disabled while tunnel runs"
+        );
+    }
+
+    #[test]
+    fn formats_already_disabled_tap_default_routes() {
+        assert_eq!(
+            tap_default_routes_override_message("Ipv6", true),
+            "TAP Ipv6 default routes already disabled"
+        );
+    }
+
    #[test]
    fn accepts_relay_domain_with_default_port() {
        let args = ClientArgs::parse_from([